[midPoint] midPoint 3.8 Docker Install with MySQL
Solberg, Eric
eric at solberg.com
Wed Oct 17 23:00:11 CEST 2018
Thanks everyone for your help working through the issues I had here. I thought I’d give back to the list here with the complete steps to make this work.
I’m using VMs based on Debian 9 on Google Cloud Platform. This should work in Docker containers or other Linux environments perhaps with minor changes to some of the apt-get steps. These instructions presume you have a MySQL instance running at [mysql-host] and have your MySQL [root-password].
Here I’m using a throw-away VM instance to get the initial configuration working.
Make sure your package library is up to date:
sudo apt-get update
If you don’t have Java, install it:
sudo apt-get install openjdk-8-jdk
Install midpoint standalone - this is temporary and can be a throw-away instance:
cd ~
wget https://evolveum.com/downloads/midpoint/3.8/midpoint-3.8-dist.tar.gz
sudo tar xzf midpoint-3.8-dist.tar.gz -C /opt
sudo mv /opt/midpoint-3.8 /opt/midpoint
sudo /opt/midpoint/bin/start.sh
Midpoint will take a few minutes to start. You can monitor startup with:
sudo tail /opt/midpoint/var/log/midpoint.log
You can access the demo install at http://myserver-ip-or-localhost:8080. It takes a while to load the first time.
Log in as user: administrator / password: 5ecr3t
Shut down:
sudo /opt/midpoint/bin/stop.sh
Get the MySQL client if you don’t have it:
sudo apt-get install mysql-client
Create the MySQL database:
mysql -h [mysql-host] -u root -p
Enter password: [root-password]
MySQL> CREATE DATABASE midpoint CHARACTER SET utf8 DEFAULT CHARACTER SET utf8 COLLATE utf8_bin DEFAULT COLLATE utf8_bin;
MySQL> CREATE USER 'midpoint' IDENTIFIED BY 'some-password';
MySQL> GRANT ALL on midpoint.* TO 'midpoint';
MySQL> \q
Import the database schema (will take a minute or so):
mysql -h [mysql-host] -u midpoint -p midpoint < /opt/midpoint/doc/config/sql/_all/mysql-3.8-all-utf8mb4.sql
Enter password: [some-password]
Install the MySQL driver:
wget https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-8.0.12.tar.gz
tar xzf mysql-connector-java-8.0.12.tar.gz
sudo mkdir -p /opt/midpoint/var/lib
sudo cp mysql-connector-java-8.0.12/mysql-connector-java-8.0.12.jar /opt/midpoint/var/lib/
Update config.xml to use the MySQL driver:
sudo vim /opt/midpoint/var/config.xml
You will replace the entire <repository> … </repository> section.
Replace:
<repository>
    <repositoryServiceFactoryClass>com.evolveum.midpoint.repo.sql.SqlRepositoryFactory</repositoryServiceFactoryClass>
    <baseDir>${midpoint.home}</baseDir>
    <asServer>true</asServer>
</repository>
With (remember to replace [mysql-host] and [some-password] with the appropriate info):
<repository>
    <repositoryServiceFactoryClass>com.evolveum.midpoint.repo.sql.SqlRepositoryFactory</repositoryServiceFactoryClass>
    <database>mysql</database>
    <jdbcUsername>midpoint</jdbcUsername>
    <jdbcPassword>[some-password]</jdbcPassword>
    <jdbcUrl>jdbc:mysql://[mysql-host]:3306/midpoint?characterEncoding=utf8&amp;disableMariaDbDriver</jdbcUrl>
</repository>
Re-start midpoint with the MySQL database.
sudo /opt/midpoint/bin/start.sh
Midpoint will take a couple minutes to start, then you can access at http://serverip-or-localhost:8080
Log in as user: administrator / password: 5ecr3t
If all is well, midpoint will now be accessing the MySQL database. Note that this database must now be used with the keystore.jceks and config.xml files in your installation, which we will put into the permanent Docker image. There are other approaches, such as persistent volumes - but this is simple.
Shutdown again:
sudo /opt/midpoint/bin/stop.sh
If you don’t have Docker installed (these steps from https://docs.docker.com/install/linux/docker-ce/debian/):
sudo apt-get install \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg2 \
    software-properties-common
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
sudo add-apt-repository \
    "deb [arch=amd64] https://download.docker.com/linux/debian \
    $(lsb_release -cs) \
    stable"
sudo apt-get update
sudo apt-get install docker-ce
sudo docker run hello-world
Create a Dockerfile that includes midpoint, the MySQL driver, and the keystore.jceks and config.xml files.
mkdir ~/midpoint-docker
cd ~/midpoint-docker
sudo cp /opt/midpoint/var/config.xml .
sudo cp /opt/midpoint/var/keystore.jceks .
sudo chmod 666 config.xml keystore.jceks
In this directory, create a file named Dockerfile and paste the following into the file:
FROM openjdk:8-jdk-alpine
MAINTAINER you at domain.com
ENV MP_VERSION 3.8
ENV MP_DIR /opt/midpoint
ENV XMX 3072M
ENV XMS 3072M
RUN mkdir -p ${MP_DIR}/var \
    && echo 'Downloading midPoint archive...' \
    && wget https://evolveum.com/downloads/midpoint/${MP_VERSION}/midpoint-${MP_VERSION}-dist.tar.gz -P ${MP_DIR} \
    && echo 'Extracting midPoint archive...' \
    && tar xzf ${MP_DIR}/midpoint-${MP_VERSION}-dist.tar.gz -C ${MP_DIR} --strip-components=1 \
    && echo 'Downloading MySQL driver...' \
    && cd /tmp \
    && wget https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-8.0.12.tar.gz -P . \
    && echo 'Extracting and installing MySQL driver...' \
    && tar xzf mysql-connector-java-8.0.12.tar.gz \
    && mkdir -p ${MP_DIR}/var/lib \
    && cp mysql-connector-java-8.0.12/mysql-connector-java-8.0.12.jar ${MP_DIR}/var/lib \
    && echo 'Cleaning up...' \
    && rm mysql-connector-java-8.0.12.tar.gz \
    && rm -rf mysql-connector-java-8.0.12 \
    && rm ${MP_DIR}/midpoint-${MP_VERSION}-dist.tar.gz \
    && echo 'Done.'
COPY config.xml ${MP_DIR}/var/
COPY keystore.jceks ${MP_DIR}/var/
CMD ["/bin/sh", "-c", "java -Xmx$XMX -Xms$XMS -Dfile.encoding=UTF8 -Dmidpoint.home=$MP_DIR/var -jar $MP_DIR/lib/midpoint.war"]
Save this file, then build and run the docker file:
sudo docker build -t midpoint-docker .
You should now be able to run the image:
sudo docker run -p 8080:8080 midpoint-docker
You’ll see the midpoint log messages, and should be able to access http://serverip-or-localhost:8080 once it has started.
In my case, I’m pushing this to the google container repository (gcr.io) and have used this image to initialize GCE VMs and GKE Kubernetes instances.
Then I’ve put this behind a load balancer with DNS “internal.mydomain.com”, removed the public IP address from the VM, set up SSL on the load balancer frontend, and enabled Identity Aware Load Balancing in GCP. I’ll be using this approach for my internal admin tools including midpoint.
Hope this helps!
Eric
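
The script below is an added example, not part of the original post: it audits the ~/midpoint-docker build context described above before `docker build`, checking the two copied files for leftover placeholders, an unescaped `&` in the JDBC URL, world-writable modes and an embedded repository password. The function name audit_context, the finding labels and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a midPoint Docker build context before `docker build`.
# Prints one finding per line; prints nothing for a clean context.
audit_context() {
    dir=$1
    for f in config.xml keystore.jceks; do
        if [ ! -f "$dir/$f" ]; then
            echo "MISSING $f"
        # COPY keeps the file mode, so o+w here is o+w inside the image.
        elif [ -n "$(find "$dir/$f" -perm -0002)" ]; then
            echo "WORLD_WRITABLE $f"
        fi
    done
    cfg=$dir/config.xml
    [ -f "$cfg" ] || return 0
    # Placeholders from the instructions that were never filled in.
    if grep -Eq '\[(mysql-host|some-password)\]' "$cfg"; then
        echo "PLACEHOLDER config.xml"
    fi
    # Strip valid entity references; any '&' left over is not well-formed XML.
    if sed -E 's/&(amp|lt|gt|quot|apos|#[0-9]+|#x[0-9A-Fa-f]+);//g' "$cfg" \
        | grep -q '&'; then
        echo "BARE_AMPERSAND config.xml"
    fi
    # The repository password ends up readable in every copy of the image.
    if grep -Eq '<jdbcPassword>[^<]+</jdbcPassword>' "$cfg"; then
        echo "PLAINTEXT_JDBC_PASSWORD config.xml"
    fi
    return 0
}

# Constructed sample context containing the problems the audit looks for.
sample=$(mktemp -d)
cat > "$sample/config.xml" <<'EOF'
<repository>
  <jdbcPassword>[some-password]</jdbcPassword>
  <jdbcUrl>jdbc:mysql://[mysql-host]:3306/midpoint?characterEncoding=utf8&disableMariaDbDriver</jdbcUrl>
</repository>
EOF
: > "$sample/keystore.jceks"
chmod 666 "$sample/config.xml" "$sample/keystore.jceks"
audit_context "$sample"
```

With the approach in this post the PLAINTEXT_JDBC_PASSWORD finding is expected, since config.xml and keystore.jceks are baked into the image; it is a reminder that the image and the registry holding it need the same access restrictions as the database credentials.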