Installing PingAuthorize Policy Editor using Docker - PingAuthorize

Installing PingAuthorize Policy Editor using Docker - PingAuthorize - 9.0

PingAuthorize

bundle

pingauthorize-90

ft:publication_title

PingAuthorize

Product_Version_ce

PingAuthorize 9.0

category

ContentType

Product

Productdocumentation

paz-90

pingauthorize

ContentType_ce

Product documentation

Page created: 26 Jul 2021 |

Page updated: 11 Feb 2023

| 2 min read

Content Type Product documentation 9.0 PingAuthorize Product Installation User task

Install the PingAuthorize Policy Editor by running its Docker container. When running the Policy Editor within a Docker container, you can take advantage of the automated policy database update feature by using mounted volumes.

When running the Ping Identity DevOps pingauthorizepap Docker container, you can use the following commands to ensure that the policy database is on the mounted volume in preparation for future versions of the image. The commands:

Run a pingauthorizepap Docker container named pap on host port 8443.
Use the ~/.pingidentity/config environment file to configure common environment variables. See https://devops.pingidentity.com/get-started/introduction.
Bind mount a customized options.yml file named custom-options.yml to the server root using the server profile capability. The host system server-profile folder must contain instance/custom-options.yml for this example to work correctly. See https://devops.pingidentity.com/reference/config/.
Set the Ping_Options_File environment variable to tell setup to use custom-options.yml.

For an H2 database, the command:

Bind-mounts a volume that maps a policy database to /opt/out/Symphonic.mv.db.
Sets the PING_H2_FILE environment variable to tell setup to use /opt/out/Symphonic.mv.db for the policy database. The environment variable must exclude the .mv.db extension.

For a PostgreSQL database, the command sets environment variables to provide setup with username, password, host, and port database credentials.

Note:

The Ping Identity DevOps Docker image documentation is frequently updated as new features are released. For the most recent instructions about running the Docker images, see https://devops.pingidentity.com/.

Run the pingauthorizepap Docker container.

If you are using an H2 database, run the following command.

$ docker run --network=<network_name> --name pap -p 8443:1443 \
  --env-file ~/.pingidentity/config \
  --volume /home/developer/pap/server-profile:/opt/in/ \
  --env PING_OPTIONS_FILE=custom-options.yml \
  --volume /home/developer/pap/Symphonic.mv.db:/opt/out/Symphonic.mv.db \
  --env PING_H2_FILE=/opt/out/Symphonic \
  pingidentity/pingauthorizepap:<TAG>

Note:

For proper communication between containers, create a Docker network using a command such as docker network create --driver <network_type> <network_name>, and then connect to that network with the --network=<network_name> option.

If you are using a PostgreSQL database, run the following command.

$ docker run --network=<network_name> --name pap -p 8443:1443 \
  --env-file ~/.pingidentity/config \
  --volume /home/developer/pap/server-profile:/opt/in/ \
  --env PING_OPTIONS_FILE=custom-options.yml \
  --env PING_DB_APP_USERNAME="<username>" \
  --env PING_DB_APP_PASSWORD="<password>" \
  --env PING_DB_CONNECTION_STRING="jdbc:postgresql://<host>:<port>/<database>" \
  pingidentity/pingauthorizepap:<TAG>

Note:

The Docker image <TAG> used in the example is only a placeholder. For actual tag values, see Docker Hub.