Running with docker-compose

Since Curity has dependencies on data source, it can be convenient to run the entire setup through the same environment. This depends a lot on how the company data-source structure is setup and what is desired from an architectural perspective.

To setup a docker-compose system we can use the Docker image build in the previous section.

docker-compose has some benefits when running containers of making mounting of resources very simple and uniform. Even if only Curity nodes are used it could still add value to the deployment.

Creating a docker-compose.yml file#

First we need to define our docker-compose file. This is an example that uses a mysql database and a single node cluster with Curity. In this example we assume that the container has been built elsewhere. It’s possible to have docker-compose do the build we defined in the previous chapter. Please consult the docker-compose documentation for details on that.

To communicate with MySQL the Curity image must have been created with the mysql jdbc driver or the driver needs to be mounted in using the docker-compose file.

version: '2'
services:
  admin:
    image: your-repo/curity:4.1.0
    ports:
      - 8443:8443
      - 6749:6749
      - 6789:6789
    volumes:
      - ./usr/share/templates/overrides:/opt/idsvr/usr/share/templates/overrides
      - ./usr/share/templates/template-areas:/opt/idsvr/usr/share/templates/template-areas
      - ./usr/share/messages/overrides:/opt/idsvr/usr/share/messages/overrides
      - ./usr/share/webroot/custom:/opt/idsvr/usr/share/webroot/custom
    environment:
      - SERVICE_ROLE=admin
      - ADMIN=true
    depends_on:
      - db
    links:
      - db:database

  runtime:
    image: your-repo/curity:4.1.0
    ports:
      - 8443:8443
      - 6749:6749
    volumes:
      - ./usr/share/templates/overrides:/opt/idsvr/usr/share/templates/overrides
      - ./usr/share/templates/template-areas:/opt/idsvr/usr/share/templates/template-areas
      - ./usr/share/messages/overrides:/opt/idsvr/usr/share/messages/overrides
      - ./usr/share/webroot/custom:/opt/idsvr/usr/share/webroot/custom
    environment:
      - SERVICE_ROLE=runtime
      - ADMIN=false
    depends_on:
      - db
    links:
      - db:database

  db:
    image: mysql:latest
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: rootroot
    volumes:
      - ./mysql/mysql-create_database.sql:/docker-entrypoint-initdb.d/create-tables.sql

The Database Section#

The MySQL image was bootstrapped with a create-table script. This is the script found in $IDSVR_HOME/etc/mysql-create_database.sql. This script assumes that a database exists and is active. If this is not the case, it can be created automatically by adding the following to the beginning of the script:

CREATE database se_curity_store;
USE se_curity_store;
...

Depending on how the database is defined, the db section of the docker-compose.yml file should be updated (e.g., with the addition of MYSQL_DATABASE=se_curity_store). In this example the official MySQL container is used, but a new container named db is created that has the Curity database created and initialized.

Volumes#

The docker-compose file mounted a few volumes. This is of course optional. Common volumes to mount are:

  • Template overrides
  • Template areas (per client overrides)
  • Localization overrides
  • Static content

Other things that can be mounted are of course drivers and plugins if these are not part of the original container.

Running with docker-compose#

To run the containers simply start docker-compose:

$ docker-compose up -d

Was this helpful?