PingIntelligence

Untarring the Docker toolkit

To use the Docker toolkit, you need to untar the toolkit.

Before you begin

You must:

  • Download the following PingIntelligence components, tools, and open source modules:

    • PingIntelligence API Security Enforcer (ASE) 5.0

    • PingIntelligence API Behavioral Security (ABS) 5.0

    • PingIntelligence Dashboard 5.0

    • MongoDB 4.2.0

    • OpenJDK 11.0.2 to 11.0.6

    • Kibana 6.8.1

    • Elasticsearch 6.8.1

  • Obtain valid PingIntelligence for APIs license files from the Ping Identity Sales team.

  • Download the correct ASE binary based on the base image you want to create.

  • Download the correct MongoDB 4.2.0 binary based on the Docker image you want to build.

About this task

To untar the Docker toolkit:

Steps

  1. To untar the toolkit, run the following command:

    tar -zxf pi-api-docker-toolkit-5.1.tar.gz

    Result:

    Untarring the Docker toolkit creates the directory structure as shown in the following table.

    Directory Description

    bin

    Contains the build.sh script to build the Docker images.

    config

    Contains the docker.conf file to configure the base image name and the base image operating system.

    certs/webgui

    Contains the PingFederate public certificate file, webgui-sso-oidc-provider.crt. The PingIntelligence Dashboard Docker image can be generated by optionally packaging it with the PingFederate public certificate.

    certs/

    Contains the folders \{ase, abs, apipublish, dataengine, webgui, kafka, mongo, elasticsearch}.

    These contain certificate and key files for PingIntelligence components. The keystore will be generated during image creation with the password configured in docker.conf.

    The PingIntelligence Dashboard has the following components:

    • dataengine

    • webgui

    You can configure separate certificates and keys for each of them. However, the keystore password will be common.

    data

    For internal use.

    docker-toolkit

    For internal use.

    external

    Contains the third-party software:

    • MongoDB 4.2.0

    • Elasticsearch 7.13.4

    • OpenJDK 11.0.2 to 11.0.6

    helm-chart

    For internal use.

    images

    Contains the Docker images created using the build.sh script.

    keystore

    For internal use.

    lib

    For internal use.

    license

    Contains the PingIntelligence license file.

    You can build the images without adding the license file to the license directory. If you build the Docker images without the license file in license directory, then you need to map or mount the license file in the /config/ directory.

    logs

    Contains the log files.

    software

    Contains PingIntelligence ASE, ABS, and Dashboard.

  2. To configure docker.conf, navigate to the config directory and edit the docker.conf file for base image name and base image operating system.

    Example:

    The following is a sample docker.conf field:

    # Base image name using which all the PingIntelligence images are created
    base_image=registry.access.redhat.com/rhel7:7.9
    
    # Operating system of the base image. The valid values are ubuntu or rhel
    base_image_os=rhel
    
    # Define the username for images. This user is added to the Docker
    # images. Containers created from these Docker images use the configured # user to run PingIntelligence software
    user_name=pinguser
    
    # Define the username for images. This user is added to the Docker
    # images. Containers created from these Docker images use the configured # user to run PingIntelligence software
    group_name=pinggroup
    
    #Define keystore password for different component
    #These will be used to create keystore while building images through crt and key while.ASE keystore password can be changed from helm values.
    abs_keystore_password=changeme
    apipublish_keystore_password=changeme
    dashboard_keystore_password=changeme
    kafka_keystore_password=changeme
    • The setup requires the Community Version (CE) of Docker 18.09 or later.

    • Do not set the user_name as root in the docker.conf file.