Page created: 9 Feb 2021 |
Page updated: 4 Aug 2021
Install the PingAuthorize Policy Editor by running its Docker container. When running the Policy Editor within a Docker container, you can take advantage of the automated policy database update feature by using mounted volumes.
For example, when running the Ping Identity DevOps
pingauthorizepapDocker container, you could use the following command to ensure that the policy database is on the mounted volume in preparation for future versions of the image. The command:
- Runs a
pingauthorizepapDocker container named
papon host port 8443.
- Uses the ~/.pingidentity/devops environment file to configure common environment variables. See https://devops.pingidentity.com/get-started/getStarted/.
- Bind mounts a customized options.yml file named custom-options.yml to the server root using the server profile capability. The host system server-profile folder must contain instance/custom-options.yml for this example to work correctly. See https://devops.pingidentity.com/reference/config/.
- Sets the PING_OPTIONS_FILE environment variable to tell setup to use custom-options.yml.
- Bind mounts a volume that maps a policy database to /opt/out/Symphonic.mv.db.
- Sets the PING_H2_FILE environment variable to tell setup to use /opt/out/Symphonic.mv.db for the policy database. The environment variable must exclude the .mv.db extension.
The Ping Identity DevOps Docker image documentation is frequently updated as new features are released. For the most recent instructions about running the Docker images, see https://devops.pingidentity.com/.
Run this command.
Note: For proper communication between containers, create a Docker network using a command such as
docker network create --driver <network_type> <network_name>, and then connect to that network with the
$ docker run --network=<network_name> --name pap -p 8443:1443 \ --env-file ~/.pingidentity/devops \ --volume /home/developer/pap/server-profile:/opt/in/ \ --env PING_OPTIONS_FILE=custom-options.yml \ --volume /home/developer/pap/Symphonic.mv.db:/opt/out/Symphonic.mv.db \ --env PING_H2_FILE=/opt/out/Symphonic \ pingidentity/pingauthorizepap:<TAG>
The Docker image <TAG> used in the example is only a placeholder. For actual tag values, see Docker Hub (https://hub.docker.com/r/pingidentity/pingauthorizepap).