
Docker compose

Docker

Source: https://docs.docker.com/engine/install/ubuntu/

Remove the old packages

for pkg in docker.io docker-doc docker-compose docker-compose-v2 podman-docker containerd runc; do sudo apt-get remove $pkg; done

Update the repositories

# Add Docker's official GPG key:
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

# Add the repository to Apt sources:
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update

Install Docker

sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

User without sudo

sudo vi /etc/group
docker:x:988:soffid01
sudo systemctl restart docker

sudo usermod -aG docker soffid01

Log out and log back in (exit, then login) so the new group membership applies.

docker ps

Docker compose

Soffid documentation: https://bookstack.soffid.com/books/installation/page/installing-soffid

Docker compose documentation: https://docs.docker.com/reference/cli/docker/compose/

sudo vi docker-compose.yaml

mariadb

services:
  mariadb:
    image: mariadb:11.1.2
    environment:
      MYSQL_ROOT_PASSWORD: dkF45.r4f
      MYSQL_DATABASE: soffid
      MYSQL_USER: soffid
      MYSQL_PASSWORD: 98nds.D3
    ports:
      - 3306:3306
    healthcheck:
      test: "/usr/bin/mariadb --user=root --password=dkF45.r4f --execute \"SHOW DATABASES;\""
      interval: 2s
      timeout: 20s
      retries: 10
    command:
      - --max_allowed_packet=128M
      - --innodb_log_file_size=256M
      - --character-set-server=utf8mb4
      - --collation-server=utf8mb4_general_ci
      - --server-id=1
      - --log-bin
      - --binlog-format=row
      - --expire-logs-days=15
      - --max-binlog-size=1000M
      - --replicate-ignore-table=soffid.SC_SEQUENCE
      - --slave-skip-errors=1032,1053,1062
    networks:
      - network
    volumes:
      - mariadb_data:/var/lib/mysql

  console:
    image: soffid/iam-console:3.6.17
    environment:
      DB_URL: jdbc:mariadb://mariadb/soffid
      DB_USER: soffid
      DB_PASSWORD: 98nds.D3
    ports:
      - 8080:8080
    networks:
      - network
    healthcheck:
      test: bash -c "(echo 'GET /soffid/anonymous/logo.svg HTTP/1.1' >&0; echo >&0; cat >&2;) <> /dev/tcp/localhost/8080"
      interval: 10s
      timeout: 20s
      retries: 10
      start_period: 40s
    volumes:
      - console_trust:/opt/soffid/iam-console-3/trustedcerts
      - console_conf:/opt/soffid/iam-console-3/conf
      - console_logs:/opt/soffid/iam-console-3/logs
      - console_index:/opt/soffid/iam-console-3/index
    depends_on:
      mariadb:
        condition: service_healthy

  sync-server:
    image: soffid/iam-sync:3.6.14
    hostname: sync-server
    environment:
      SOFFID_PORT: 1760
      SOFFID_HOSTNAME: sync-server.netcompose
      SOFFID_MAIN: "yes"
      DB_URL: jdbc:mysql://mariadb/soffid
      DB_USER: soffid
      DB_PASSWORD: 98nds.D3
    ports:
      - 1760:1760
    networks:
      - network
    volumes:
      - sync_conf:/opt/soffid/iam-sync/conf
    depends_on:
      mariadb:
        condition: service_healthy
      console:
        condition: service_healthy

networks:
  network:
    name: netcompose
    driver: bridge

volumes:
  mariadb_data:
    name: compose_mariadbdata
  console_trust:
    name: compose_console_trustedcerts
  console_conf:
    name: compose_console_conf
  console_logs:
    name: compose_console_logs
  console_index:
    name: compose_console_index
  sync_conf:
    name: compose_sync_conf
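
Added example, not part of the original page or of Soffid's documentation: a shell function that audits a compose file such as the one above for ports published without a bind address and for passwords written as literals. The names `audit_compose` and `sample_compose` and the sample file are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit a compose file. Findings name the key, never the value.
# Usage: audit_compose docker-compose.yaml   (reads stdin when no file is given)
audit_compose() {
  awk '
    function key(s) {
      sub(/^[ \t]*(-[ \t]*)?/, "", s); sub(/[ \t]*[:=].*/, "", s); return s
    }
    # "- 3306:3306" has no bind address, so Docker listens on every interface
    /^[ \t]*-[ \t]*"?[0-9]+:[0-9]+"?[ \t]*$/ {
      p = $0; gsub(/[- \t"]/, "", p)
      printf "line %d: port %s published on all interfaces\n", NR, p; n++
    }
    # key containing PASSWORD with a literal value (not $VAR, not *_FILE)
    /^[ \t]*(-[ \t]*)?[A-Za-z_]*PASSWORD[A-Za-z_]*[ \t]*[:=][ \t]*[^ \t$]/ &&
    !/_FILE[ \t]*[:=]/ {
      printf "line %d: literal secret in %s\n", NR, key($0); n++
    }
    # password passed as a process argument, stored in the container config
    /--password=[^$ \t]/ {
      printf "line %d: password on a command line\n", NR; n++
    }
    END { exit (n > 0) }
  ' "${1:--}"
}

# Constructed sample: one service in the style of the file above, one hardened.
sample_compose() {
  cat <<'EOF'
services:
  weak:
    environment:
      MYSQL_ROOT_PASSWORD: constructed-value
    ports:
      - 3306:3306
    healthcheck:
      test: "mariadb --user=root --password=constructed-value --execute 'SELECT 1'"
  hardened:
    environment:
      MARIADB_ROOT_PASSWORD_FILE: /run/secrets/db_root
    ports:
      - "127.0.0.1:8080:8080"
    healthcheck:
      test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]
EOF
}
```

Run it as `audit_compose docker-compose.yaml`; the exit status is non-zero when anything is found. A port written as `127.0.0.1:8080:8080` is bound to the loopback address only and is not reported.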

On machine 2 one field is different (see the database replica section).

      - --server-id=2

Start the containers.

docker compose up -d

Useful commands.

docker compose ps
docker compose logs -f console
docker compose logs -f sync-server
docker compose exec -it console bash
docker compose exec -it sync-server bash

 

 

Enable port forwarding

First, confirm or update the server's port forwarding configuration.

sudo vi /etc/ssh/sshd_config

AllowTcpForwarding yes

sudo systemctl restart ssh

Open the port through port forwarding over an SSH connection.

ssh -L 8080:localhost:8080 soffid01@172.16.9.20

Now access it from the browser.

http://localhost:8080

Users admin and svives created, with their passwords in the vault.

Database replica

Soffid documentation: https://bookstack.soffid.com/books/installation/page/creating-a-multimaster-mariadb-replica-2b4

EMASA documentation: https://bookstack.soffid.com/books/emasa/page/sincronizar-bases-de-datos

Step 1:

Add these parameters on server 1.

      - --server-id=1
      - --log-bin
      - --binlog-format=row
      - --expire-logs-days=15
      - --max-binlog-size=1000M
      - --replicate-ignore-table=soffid.SC_SEQUENCE
      - --slave-skip-errors=1032,1053,1062

On server 2.

      - --server-id=2
      - --log-bin
      - --binlog-format=row
      - --expire-logs-days=15
      - --max-binlog-size=1000M
      - --replicate-ignore-table=soffid.SC_SEQUENCE
      - --slave-skip-errors=1032,1053,1062

Take a backup of server 1.

# -T disables the pseudo-TTY, so the redirected dump is not altered by terminal line-ending translation
docker compose exec -T mariadb bash -c 'mariadb-dump -u root --password="dkF45.r4f" soffid' > mariadb-backup.sql

Copy it to server 2.

scp mariadb-backup.sql soffid02@172.16.9.35:/home/soffid02/

I have left only the database (yaml), and now we load the backup on server 2.

docker compose cp mariadb-backup.sql mariadb:/tmp
docker compose exec -it mariadb bash
mariadb -u soffid -p soffid < /tmp/mariadb-backup.sql

Create a user to replicate data from server 2 to server 1.

docker compose exec -it mariadb bash
mariadb -u root --password="$MYSQL_ROOT_PASSWORD" soffid
create user replication_user@172.16.9.35 identified by 'SDfh.343';
grant replication slave on *.* to replication_user@172.16.9.35;
set password for replication_user@172.16.9.35 = password('SDfh.343');

And on server 1.

docker compose exec -it mariadb bash
mariadb -u root --password="$MYSQL_ROOT_PASSWORD" soffid
create user replication_user@172.16.9.35 identified by 'Adfv45.d';
grant replication slave on *.* to replication_user@172.16.9.35;
set password for replication_user@172.16.9.35 = password('Adfv45.d');

Query the status on server 1.

MariaDB [soffid]> show master status;
+-------------------+----------+--------------+------------------+
| File              | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+-------------------+----------+--------------+------------------+
| mysqld-bin.000001 |  1335314 |              |                  |
+-------------------+----------+--------------+------------------+

Start replication on server 2.

CHANGE MASTER TO
MASTER_HOST='172.16.9.20',
MASTER_USER='replication_user',
MASTER_PASSWORD='Adfv45.d',
MASTER_PORT=3306,
MASTER_LOG_FILE='mysqld-bin.000001',
MASTER_LOG_POS=1335314,
MASTER_CONNECT_RETRY=10;

Check whether it is active.

MariaDB [soffid]> SHOW SLAVE STATUS \G
*************************** 1. row ***************************
                Slave_IO_State: Waiting for master to send event
                   Master_Host: 172.16.9.35
                   Master_User: replication_user
                   Master_Port: 3306
                 Connect_Retry: 10
               Master_Log_File: mysqld-bin.000002
           Read_Master_Log_Pos: 1408
                Relay_Log_File: mysqld-relay-bin.000002
                 Relay_Log_Pos: 1485
         Relay_Master_Log_File: mysqld-bin.000002
              Slave_IO_Running: Yes
             Slave_SQL_Running: Yes
          Replicate_Rewrite_DB: 
               Replicate_Do_DB: 
           Replicate_Ignore_DB: 
            Replicate_Do_Table: 
        Replicate_Ignore_Table: soffid.SC_SEQUENCE
       Replicate_Wild_Do_Table: 
   Replicate_Wild_Ignore_Table: 
                    Last_Errno: 0
                    Last_Error: 
                  Skip_Counter: 0
           Exec_Master_Log_Pos: 1408
               Relay_Log_Space: 1795
               Until_Condition: None
                Until_Log_File: 
                 Until_Log_Pos: 0
            Master_SSL_Allowed: No
            Master_SSL_CA_File: 
            Master_SSL_CA_Path: 
               Master_SSL_Cert: 
             Master_SSL_Cipher: 
                Master_SSL_Key: 
         Seconds_Behind_Master: 0
 Master_SSL_Verify_Server_Cert: No
                 Last_IO_Errno: 0
                 Last_IO_Error: 
                Last_SQL_Errno: 0
                Last_SQL_Error: 
   Replicate_Ignore_Server_Ids: 
              Master_Server_Id: 2
                Master_SSL_Crl: 
            Master_SSL_Crlpath: 
                    Using_Gtid: No
                   Gtid_IO_Pos: 
       Replicate_Do_Domain_Ids: 
   Replicate_Ignore_Domain_Ids: 
                 Parallel_Mode: optimistic
                     SQL_Delay: 0
           SQL_Remaining_Delay: NULL
       Slave_SQL_Running_State: Slave has read all relay log; waiting for more updates
              Slave_DDL_Groups: 3
Slave_Non_Transactional_Groups: 0
    Slave_Transactional_Groups: 2
1 row in set (0.001 sec)

If it does not work, we can start it again.

start slave;

When it works, this appears.

Slave_IO_Running: Yes
Slave_SQL_Running: Yes
Seconds_Behind_Master: 0
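
Added example, not part of the original page: a shell function that checks the three fields named above, plus the error counters and the TLS flag from the same status output. The names `check_replica`, `sample_healthy` and `sample_stopped` are constructed for illustration, and the sample text is a trimmed copy of the status output shown earlier.

```shell
#!/usr/bin/env bash
# Added example: judge SHOW SLAVE STATUS \G text read from stdin.
# Usage: <client printing SHOW SLAVE STATUS \G> | check_replica [MAX_LAG_SECONDS]
check_replica() {
  awk -v max_lag="${1:-30}" '
    # "   Field_Name: value"  ->  f["Field_Name"] = "value"
    /^[ \t]*[A-Za-z_]+:/ {
      line = $0; sub(/^[ \t]+/, "", line); sub(/[ \t\r]+$/, "", line)
      i = index(line, ":"); v = substr(line, i + 1); sub(/^[ \t]+/, "", v)
      f[substr(line, 1, i - 1)] = v
    }
    END {
      if (f["Slave_IO_Running"] != "Yes")  { print "FAIL: IO thread not running"; bad = 1 }
      if (f["Slave_SQL_Running"] != "Yes") { print "FAIL: SQL thread not running"; bad = 1 }
      lag = f["Seconds_Behind_Master"]
      if (lag == "" || lag == "NULL") { print "FAIL: lag unknown"; bad = 1 }
      else if (lag + 0 > max_lag + 0) { print "FAIL: lag " lag "s over " max_lag "s"; bad = 1 }
      if (f["Last_IO_Errno"] + 0 || f["Last_SQL_Errno"] + 0) {
        print "FAIL: IO errno " f["Last_IO_Errno"] ", SQL errno " f["Last_SQL_Errno"]; bad = 1
      }
      # Master_SSL_Allowed: No means replicated data crosses the network unencrypted
      if (f["Master_SSL_Allowed"] != "Yes")
        print "WARN: no TLS on link to " f["Master_Host"]
      if (!bad) print "OK: replicating from " f["Master_Host"]
      exit bad + 0
    }
  '
}

# Constructed samples, trimmed to the fields the check reads.
sample_healthy() {
  cat <<'EOF'
*************************** 1. row ***************************
                Slave_IO_State: Waiting for master to send event
                   Master_Host: 172.16.9.35
              Slave_IO_Running: Yes
             Slave_SQL_Running: Yes
            Master_SSL_Allowed: No
         Seconds_Behind_Master: 0
                 Last_IO_Errno: 0
                Last_SQL_Errno: 0
EOF
}
sample_stopped() {
  sample_healthy | sed -e 's/Running: Yes/Running: No/' -e 's/Behind_Master: 0/Behind_Master: NULL/'
}
```

Because both servers run with `--slave-skip-errors=1032,1053,1062`, missing-row and duplicate-key errors are skipped and never reach `Last_SQL_Errno`, so an OK result here does not prove that the two data sets match.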

Check the status of machine 2.

MariaDB [(none)]> show master status;
+-------------------+----------+--------------+------------------+
| File              | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+-------------------+----------+--------------+------------------+
| mysqld-bin.000002 |      343 |              |                  |
+-------------------+----------+--------------+------------------+

Start replication on server 1.

CHANGE MASTER TO
MASTER_HOST='172.16.9.35',
MASTER_USER='replication_user',
MASTER_PASSWORD='SDfh.343',
MASTER_PORT=3306,
MASTER_LOG_FILE='mysqld-bin.000002',
MASTER_LOG_POS=343,
MASTER_CONNECT_RETRY=10;

Check whether it is active.

MariaDB [soffid]> SHOW SLAVE STATUS \G
*************************** 1. row ***************************
                Slave_IO_State: 
                   Master_Host: 172.16.9.20
                   Master_User: replication_user
                   Master_Port: 3306
                 Connect_Retry: 10
               Master_Log_File: mysqld-bin.000001
           Read_Master_Log_Pos: 1335314
                Relay_Log_File: mysqld-relay-bin.000001
                 Relay_Log_Pos: 4
         Relay_Master_Log_File: mysqld-bin.000001
              Slave_IO_Running: No
             Slave_SQL_Running: No
          Replicate_Rewrite_DB: 
               Replicate_Do_DB: 
           Replicate_Ignore_DB: 
            Replicate_Do_Table: 
        Replicate_Ignore_Table: soffid.SC_SEQUENCE
       Replicate_Wild_Do_Table: 
   Replicate_Wild_Ignore_Table: 
                    Last_Errno: 0
                    Last_Error: 
                  Skip_Counter: 0
           Exec_Master_Log_Pos: 1335314
               Relay_Log_Space: 256
               Until_Condition: None
                Until_Log_File: 
                 Until_Log_Pos: 0
            Master_SSL_Allowed: No
            Master_SSL_CA_File: 
            Master_SSL_CA_Path: 
               Master_SSL_Cert: 
             Master_SSL_Cipher: 
                Master_SSL_Key: 
         Seconds_Behind_Master: NULL
 Master_SSL_Verify_Server_Cert: No
                 Last_IO_Errno: 0
                 Last_IO_Error: 
                Last_SQL_Errno: 0
                Last_SQL_Error: 
   Replicate_Ignore_Server_Ids: 
              Master_Server_Id: 0
                Master_SSL_Crl: 
            Master_SSL_Crlpath: 
                    Using_Gtid: No
                   Gtid_IO_Pos: 
       Replicate_Do_Domain_Ids: 
   Replicate_Ignore_Domain_Ids: 
                 Parallel_Mode: optimistic
                     SQL_Delay: 0
           SQL_Remaining_Delay: NULL
       Slave_SQL_Running_State: 
              Slave_DDL_Groups: 0
Slave_Non_Transactional_Groups: 0
    Slave_Transactional_Groups: 0
1 row in set (0.001 sec)

If it does not work, we can start it again.

 

 

Traefik / nginx

A load balancer must be added for requests to the Console, and from the Console to the databases.

???????????????????

Soffid LDAP

Documentation: https://bookstack.soffid.com/books/soffid-ldap/page/how-to-install-soffid-ldap

  soffid-ldap:
    image: soffid/soffidldap:15
    environment:
      SOFFID_SERVER: https://sync-server.netcompose:1760
      SOFFID_AGENT: soffidldap
      USER: admin
      PASSWORD: 4T.g345f
      DN: dn=unal,dn=co
    ports:
      - 1389:389
    networks:
      - network
    healthcheck:
      # Copied from the console service: it probes port 8080, not the LDAP port 389 published above.
      test: bash -c "(echo 'GET /soffid/anonymous/logo.svg HTTP/1.1' >&0; echo >&0; cat >&2;) <> /dev/tcp/localhost/8080"
      interval: 10s
      timeout: 20s
      retries: 10
      start_period: 40s
    volumes:
      - ldapconf:/etc/ldap/slapd.d
      # The container path is missing on the page; a volume target must be an absolute path.
      - ldapdata:ldapdata
    depends_on:
      mariadb:
        condition: service_healthy