PingIntelligence

Using environment variables example

The following sections show example of using environment variables to create containers.

About this task

The containers must be created in the following order:

  1. MongoDB

  2. Zookeeper

  3. Kafka

  4. API Behavioral Security (ABS)

  5. API Security Enforcer (ASE)

  6. API Publish

  7. Dashboard

Steps

  1. To launch the MongoDB container, run the following command with some sample environment variables:

    docker run -d --name mongo --hostname mongo

    Result:

    Running this command creates the MongoDB container with settings in environment variables provided.

    docker run -d --name mongo --hostname mongo -e MONGO_USERNAME="new_mongo_user" \
    -e MONGO_PASSWORD="new_mongo_password" \
    -e WIRED_TIGER_CACHE_SIZE_GB="1.8" \
    -e MONGO_SSL="true" pingidentity/mongo:4.2.0

    If any of the environment variables are not used, then the container is launched with the default values.

  2. To launch the Zookeeper container, run the following command with some sample environment variables:

    docker run -d --name zookeeper --hostname zookeeper

    Example:

    docker run -d --name zookeeper --hostname zookeeper -e ZOOKEEPER_PORT="2181" \
    -e ZOOKEEPER_SSL_PORT="2182" \
    pingidentity/zookeeper:5.1
  3. To launch the Kafka container, run the following command with some sample environment variables:

    docker run -d --name kafka --hostname kafka --link zookeeper:zookeeper

    Example:

    docker run -d --name kafka --hostname kafka --link zookeeper:zookeeper \
    -e ZOOKEEPER_URL="zookeeper:2182" \
    -e KAFKA_SASL_PORT="9093" \
    -e KAFKA_SSL_PORT="9092" \
    -e DELETE_TOPIC="true" \
    -e REPLICATION_FACTOR="1" \
    -e TOPIC_PARTITION="1" \
    -e ABS_CONSUMER_USER="abs_consumer" \
    -e ABS_PRODUCER_USER="abs_producer" \
    -e ABS_CONSUMER_GROUP="pi4api.abs" \
    -e ABS_CONSUMER_PASSWORD="changeme" \
    -e ABS_PRODUCER_PASSWORD="changeme" \
    -e TRANSACTION_TOPIC="pi4api.queuing.transactions" \
    -e ATTACK_TOPIC="pi4api.queuing.ioas" \
    -e ANOMALIES_TOPIC="pi4api.queuing.anomalies" \
    -e DE_CONSUMER_USER="pi4api_de_user" \
    -e DE_CONSUMER_GROUP="pi4api.data-engine" \
    -e DE_CONSUMER_PASSWORD="changeme" \
    -e RETENTION_PERIOD="172800000" \
    -e POD_NAME="0" \
    pingidentity/kafka:5.1
  4. To launch the ABS container, run the following command with some sample environment variables:

    docker run -d --name abs --hostname abs --link mongo:mongo --link kafka:kafka

    Example:

    docker run -d --name abs --hostname abs --link mongo:mongo --link kafka:kafka -e MONGO_RS=mongodb://mongo:27017 \
    -e MONGO_USERNAME="new_mongo_user" \
    -e MONGO_PASSWORD="new_mongo_password" -e MONGO_SSL="true" \
    -e ABS_ACCESS_KEY="new_abs_ak" \
    -e ABS_SECRET_KEY="new_abs_sk" -e ABS_ACCESS_KEY_RU="new_abs_ak_ru" \
    -e ABS_SECRET_KEY_RU="new_abs_sk_ru" \
    -e ATTACK_INITIAL_TRAINING="24" \
    -e API_DISCOVERY="true" -e API_DISCOVERY_INITIAL_PERIOD="6" \
    -e API_DISCOVERY_UPDATE_INTERVAL="1" \
    -e API_DISCOVERY_SUBPATH="3" \
    -e KAFKA_SERVERS="kafka:9093" \
    -e KAFKA_MIN_INSYNC_REPLICA="1" \
    -e ABS_CONSUMER_USER="abs_consumer" \
    -e ABS_PRODUCER_USER="abs_producer" \
    -e ABS_CONSUMER_GROUP="pi4api.abs" \
    -e ABS_CONSUMER_PASSWORD="changeme" \
    -e ABS_PRODUCER_PASSWORD="changeme" \
    -e TRANSACTION_TOPIC="pi4api.queuing.transactions" \
    -e ATTACK_TOPIC="pi4api.queuing.ioas" \
    -e ANOMALIES_TOPIC="pi4api.queuing.anomalies" \
    pingidentity/abs:5.1
  5. To launch the ASE container, run the following command with some sample environment variables to launch the ASE container:

    docker run -d --name ase --link abs:abs --hostname ase

    Example:

    docker run -d --name ase --link abs:abs --hostname ase -e MODE="inline" \
    -e ENABLE_CLUSTER="true" -e ENABLE_ABS="true" -e ABS_ENDPOINT="abs:8080" \
    -e ABS_ACCESS_KEY="new_abs_ak" -e ABS_SECRET_KEY="new_abs_sk" -e ENABLE_ABS_PUBLISH="true" --shm-size=1g pingidentity/ase:5.1
  6. To launch the second ASE node in ASE cluster, run the following command with some sample environment variables to launch the ASE node in a cluster:

    docker run -d --name ase1 --link abs:abs --link ase:ase --hostname ase1

    Example:

    docker run -d --name ase1 --link abs:abs --link ase:ase --hostname ase1 \
    -e MODE="inline" -e ENABLE_CLUSTER="true" \
    -e PEER_NODE="ase:8020" -e ENABLE_ABS="true" \
    -e ABS_ENDPOINT="abs:8080" -e ABS_ACCESS_KEY="new_abs_ak" \
    -e ABS_SECRET_KEY="new_abs_sk" --shm-size=1g pingidentity/ase:5.1
  7. To launch the API Publish container, run the following command with some sample environment variables:

    docker run -d --name apipublish --hostname apipublish --link mongo:mongo

    Example:

    docker run -d --name apipublish --hostname apipublish --link mongo:mongo -e MONGO_RS=mongodb://mongo:27017 \
    -e MONGO_USERNAME="new_mongo_user" \
    -e MONGO_PASSWORD="new_mongo_password" -e MONGO_SSL="true" \
    pingidentity/apipublish:5.1
  8. To launch the Dashboard, run the following command with some sample environment variables:

    docker run -d --name webgui --link abs:abs --link ase:ase --link apipublish:apipublish --link kafka:kafka --hostname webgui

    Example:

    docker run -d --name webgui --link abs:abs --link ase:ase --link apipublish:apipublish --link kafka:kafka --hostname webgui \
    -e ABS_RESTRICTED_USER_ACCESS="false" \
    -e ABS_ACCESS_KEY="new_abs_ak" -e ABS_SECRET_KEY="new_abs_sk" -e ABS_HOST="abs" \
    -e ABS_URL="https://abs:8080" -e ASE_URL="https://ase:8010" \
     -e WEBGUI_ADMIN_PASSWORD="new_webgui_admin_password" \
    -e WEBGUI_PING_USER_PASSWORD="new_webgui_pinguser_password" \
    -e KAFKA_SERVERS="kafka:9093" \
    -e KAFKA_MIN_INSYNC_REPLICA="1" \
    -e DE_CONSUMER_USER="ping_user" \
    -e DE_CONSUMER_GROUP="pi4api.data-engine" \
    -e DE_CONSUMER_PASSWORD="changeme" \
    -e TRANSACTION_TOPIC="pi4api.queuing.transactions" \
    -e ATTACK_TOPIC="pi4api.queuing.ioas" \
    -e ANOMALIES_TOPIC="pi4api.queuing.anomalies" \
    -e API_PUBLISH_URL="https://apipublish:8050" \
    -p 8030:8030 -p 8040:8040 pingidentity/dashboard:5.1

Next steps

When the containers are created, the exposed ports are not mapped. To map the ports, you need to complete port mapping using the -p option in the docker run command. The following table lists the ports that should be exposed in the container.

Component Port number Usage

ASE

8080

HTTP data plane

8443

HTTPS data plane

8010

Management port number

8020

Cluster port number

ABS

8080

API server port number

Dashboard

8030

Dashboard port number

MongoDB

27017

MongoDB port number

API Publish

8050

API Publish port number

Zookeeper

2181

2182

Zookeeper port number

Kafka

9092

9093

Kafka port number