credential delegator server cds as a system …...docker, i need your help. setup cds server...

CDS AS A SYSTEM INSPECTOR - INSTALL & DEPLOY WITH CONTAINER

CREDENTIAL DELEGATOR SERVER

Pongpat Poapetch

Senior System Engineer

iThesis Research & Development Team

Development of Standard Procedures of Thesis/Dissertation/Independent-Study

Quality Management Framework & Implementation for Thai’s Higher Education,

Thai Library Integrated System (ThaiLIS)

WHAT IS CDS?Credential Delegator Server is a server who gave permission server instead of another servers. It is similar to a proxy server but it has especially functions.

src: http://www.dailymail.co.uk/

SETUP CDS SERVER WORKSHOP 3

I am CDS.

“Can i see my profile?”

Sure, here is his profile.

Okay.

Thank!“Can i have a meal?”

Okay.

Send him a cheese burger.

Yummy !!

SETUP CDS SERVER WORKSHOP

CDS ON-PREMISE STRUCTURE

4


CDS SAAS STRUCTURE

5


CREDENTIAL DELEGATOR SERVER

▸ provide data service

▸ central data transition

▸ mapping database pattern

▸ medium authentication service

▸ etc.

STRONG !!!

6

HOW TO BE LIKE I AM ? (CDS)


STRONG !!!

PREREQUISITES (1)


▸ 1 server instant (virtual or physical machine)

▸ Pre-installed OS: Centos 7.2.x.x (clean install)

▸ Create user admin: cdsgw

▸ Insert user cdsgw to sudoer file

▸ Internet and Intranet is required

▸ * Optional: Disable root login

▸ * Optional: Key-based SSH authentication

8

LET ME INTRODUCE MYSELF.


BO BO

PREREQUISITES (2)


WHAT IS DOCKER?

▸ Docker containers wrap up a piece of software in a complete filesystem that contains everything it needs to run: code, runtime, system tools, system libraries, or else.

▸ This guarantees that it will always run the same, regardless of the environment it is running in.

See more: https://www.docker.com

10

DOCKER, I NEED YOUR HELP.


IS IT GOOD ? WHY DOCKER?

YOUR SERVERS ARE READY, SIR.See more: https://www.docker.com

HELP ME !! I NEED A SERVER THAT CONTAINS APACHE,

PHP, JAVA, TOMCAT, NODE.JS, PROXY, MYSQL, POSTGRES, ORACLE-DB, MSSQL, DB2 AND THE BLA BLA BLA BLA BLA…

I NEED IT TOO.YOUR SERVER IS READY.

OH MY GOD !!!!

11

(8 HRS LATER…)

▸ You can build, ship, run any app, anywhere.

▸ For example: Old-school step, you may need 8 + 6 hrs for 2 servers. But Docker step, you need 8 + 0.5 hrs for 2 servers.


WHY DO NOT JUST USE VIRTUAL MACHINE AND DUPLICATE IT?

▸ Can not control everything. (hardware or else.)

▸ Everyone are not in one site.

▸ Different OS may not suitable for all.

▸ A different version on single app may cause fatal error.

▸ It’s not portable.

LET ME SHOW YOU, HOW TO GET US ?


STRONG !!!

BO BO

RUN IT !


I WANT TO BE A CDS.

I’m a clean install server.

I’m a iThesis setup server.

YES, YOU CAN.

FIRST, YOU NEED TO CALL “INIT-SERVER”.

curl -s http://install.ithesiscloud.com/script/init-server | sh

OK, CATCH IT !

Loading…

I GOT DOCKER ENGINE AND READY TO GET ANY CONTAINER.WHAT NEXT?

NOW, YOU NEED TO CALL “MAKE-BUNDLE”.

curl -s http://install.ithesiscloud.com/script/make-bundle | sh -s cds

OK, CATCH IT !

I’m a server with docker-engine.

CONFIG FILES

DOCKERFILE SCRIPT DEPLOY

SOURCECODE

ARGS.INI

Configuring args.ini and pre-config files…

STRONG !!! HERE I AM.

NOW, YOUR CDS IS READY !


CHART SET-UP CDS SERVER

15

OK, LET DO IT TOGETHER.


BO BO


OPEN PUTTY, TERMINAL, CONSOLE

LinuxWindows

17

Mac


CONNECT TO YOUR CDS-GW-INSPECTOR.

18

$> ssh cdsgw@<ip-address> [-i path/to/rsa-key]


RUN SCRIPT INIT-SERVER WITH SUDO AND WAIT UNTIL IT FINISH.

19

$> sudo curl -s http://install.ithesiscloud.com/script/init-server | sh


AFTER INIT-SERVER IS FINISH, SU YOURSELF WITH NEW ENV.

20

$> su - cdsgw


HELLO-WORLD.

21

$> docker run hello-world


LET WORK WITH “ TMUX ”

22

$> tmux

learn more about tmux: https://tmux.github.io/


LET GET A CDS BUNDLE.

23

$> curl -s http://install.ithesiscloud.com/script/make-bundle | sh -s cds <secret-key>

06101603


IT WILL DOWNLOAD A BUNDLE AS ZIP, AFTER THAT EXTRACT IT.

24

$> unzip {hashcode}.zip


CHANGE DIRECTORY TO BUNDLE DIR.

25

$> cd {hashcode}


LIST IT TO SEE WHAT WE GOT.

26

$> ls


WE NEED PRE-CONFIGURATION. LET EDIT ARGS.INI

27

$> vim args.ini


IF YOU DON’T LIKE VIM, USE SFTP APPLICATION WHAT EVER YOU WANT.

28

FileZilla WinSCP Cyberduck


ARGS.INI

29

IMAGE_NAME CONTAINER_NAME PORT_HOST PORT_CONTAINER

BASE_VOL PATH_VOLx


SAVE ARGS.INI, AND RUN IT.

30

$> sudo sh docker_init.sh


WAIT FOR A WHILE.

31


AFTER RUN FINISH, CHECK CONTAINER STATUS.

32

$> docker ps


CHECK IT ON WEB BROWSER.

33

url: http://<your-hostname>:<port>/master-db/public/CDS

OOPS ! HELP ME DO POST-CONFIG.

LEARN MORE ABOUT POST-CONFIG.


BO BO


POST-CONFIGURATION CHART

cds-allow-ips.conf

status_CDS.conf

conf

app-cds

ldap / confighost_x.conf

… (add what ever you want.)master-db

35

app / controllers / config / sync

ETC.

faculty.ini

major.ini

degree.ini

advisor.ini

student.ini

department.ini

qualification.ini

officer.ini

* the other config files might not configure. (default configuration is ready to use)

db-connection.php


APP-CDS / CONF

36

cds-allow-ips.conf

LIST OF IP-ADDR FOR TDCAPP

IP-ADDR FOR MASTERDB


APP-CDS / CONF

37

status_CDS.conf

IP-ADDR OR HOSTNAME OF IR

DEFAULT: LDAP

YOU CAN ADD OTHER SERVICE DOWN HERE…


APP-CDS / CONF

38

db-connection.php

…

CHOOSE DBMS.

CONFIG YOUR DATABASE PARAMS.


APP-CDS / LDAP / CONFIG /

39

host_student.conf host_staff.confSERVER NAME

EX: 100.20.30.40 OR EXAMPLE.LDAP.COM

LDAP PORT

USERNAME

PASSWORD

BASE DN

IDENTITY ATTR.

REQUIRED ATTR.

ROLE: STUDENT OR STAFF

OU=STUDENT OR OU=STAFF

MAPPING ATTR.


APP-CDS / LDAP / CONFIG /

40

extra: host_staff.conf

SUPER-ADMIN USER

KEY FORM ITHESIS


APP-CDS / MASTER-DB/ APP / CONTROLLERS / CONFIG / SYNC

41

DBMS *.ini

DATABASE NAME

TABLE / VIEW NAME

PK OR UNIQUE ID

MAPPING FIELDS …

…VALIDATE FIELDS

OK, LET DO IT TOGETHER.


BO BO

WORKSHOP IN PROGRESS…

THANK YOU.

iThesis Research & Development Team

credential delegator server cds as a system …...docker, i need your help. setup cds server...

Documents