To use the Docker toolkit, you need to untar the toolkit.
You must:
- Download the following PingIntelligence components, tools,
and open source modules:
- PingIntelligence API Security Enforcer (ASE) 5.0
- PingIntelligence API Behavioral Security (ABS) 5.0
- PingIntelligence Dashboard 5.0
- MongoDB 4.2.0
- OpenJDK 11.0.2 to 11.0.6
- Kibana 6.8.1
- Elasticsearch 6.8.1
- Obtain valid PingIntelligence for APIs license files from the Ping Identity Sales team.
- Download the correct ASE binary based on the base image you want to create.
- Download the correct MongoDB 4.2.0 binary based on the Docker image you want to build.
To untar the Docker toolkit:
-
To untar the toolkit, run the following command:
tar -zxf pi-api-docker-toolkit-5.1.tar.gz
Untarring the Docker toolkit creates the directory structure as shown in the following table.
Directory Description bin
Contains the build.sh script to build the Docker images.
config
Contains the docker.conf file to configure the base image name and the base image operating system.
certs/webgui
Contains the PingFederate public certificate file, webgui-sso-oidc-provider.crt. The PingIntelligence Dashboard Docker image can be generated by optionally packaging it with the PingFederate public certificate.
certs/
Contains the folders
{ase, abs, apipublish, dataengine, webgui, kafka, mongo, elasticsearch}
.These contain certificate and key files for PingIntelligence components. The keystore will be generated during image creation with the password configured in docker.conf.
Note:The PingIntelligence Dashboard has the following components:
dataengine
webgui
You can configure separate certificates and keys for each of them. However, the keystore password will be common.
data
For internal use.
docker-toolkit
For internal use.
external
Contains the third-party software:
- MongoDB 4.2.0
- Elasticsearch 7.13.4
- OpenJDK 11.0.2 to 11.0.6
helm-chart
For internal use.
images
Contains the Docker images created using the build.sh script.
keystore
For internal use.
lib
For internal use.
license
Contains the PingIntelligence license file.
Note:You can build the images without adding the license file to the license directory. If you build the Docker images without the license file in license directory, then you need to map or mount the license file in the /config/ directory.
logs
Contains the log files.
software
Contains PingIntelligence ASE, ABS, and Dashboard.
-
To configure docker.conf, navigate to the
config directory and edit the
docker.conf file for base image name and base image operating
system.
The following is a sample
docker.conf
field:# Base image name using which all the PingIntelligence images are created base_image=registry.access.redhat.com/rhel7:7.9 # Operating system of the base image. The valid values are ubuntu or rhel base_image_os=rhel # Define the username for images. This user is added to the Docker # images. Containers created from these Docker images use the configured # user to run PingIntelligence software user_name=pinguser # Define the username for images. This user is added to the Docker # images. Containers created from these Docker images use the configured # user to run PingIntelligence software group_name=pinggroup #Define keystore password for different component #These will be used to create keystore while building images through crt and key while.ASE keystore password can be changed from helm values. abs_keystore_password=changeme apipublish_keystore_password=changeme dashboard_keystore_password=changeme kafka_keystore_password=changeme
Note:- The setup requires the Community Version (CE) of Docker 18.09 or later.
- Do not set the
user_name
asroot
in the docker.conf file.