compose-wso2
compose-wso2 sets up a collection of dockerized WSO2 components with a shared governance registry and SSO capability.
Description
These are the components included:
- API Manager
- Data Service Server
- Enterprise Service Bus
- Governance Registry
- Identity Server
Before you get started with a `docker-compose up`, note that:
- The WSO2 container images are quite large, ranging from 750MB to a whopping 1.0GB.
- The first run of `docker-compose up` takes a few minutes as the service images are pulled from my AWS S3 buckets, and the Governance Registry is started with the `-Dsetup` flag in order to initialize all the database tables. Try running `docker-compose pull` prior to running `docker-compose up`.
- This project utilizes Compose's networking feature to facilitate inter-container network communication.
- To support web browser-based SSO with WSO2 Identity Server, a new entry for the Identity Server hostname (`wso2identity`) must be added to your `/etc/hosts` file. Refer to the Usage section for more information.
- In the rest of this README, the `$DOCKER_HOST_IP` variable refers either to the value of `docker-machine ip <machine>` if you are using Docker machine, or just `localhost` if you aren't using Docker machine.
Usage
- Set up the default environmental variables and change the `WSO2_GATEWAY` variable to your `$DOCKER_HOST_IP`: `source scripts/env.bash`
- Update your `/etc/hosts` file with the following line: `<$WSO2_GATEWAY> wso2identity`, where `$WSO2_GATEWAY` has the same value as defined in your `scripts/env.bash` script.
- Pull services: `docker-compose pull <service>`
- Run services: `docker-compose --x-networking up <service>`
- Scale services: `docker-compose scale <service=counts>`
- View logs: `docker-compose logs <service>`
Web Admin Consoles
The exposed ports of each component can be changed using the `scripts/env.bash` script.
Components | URL |
---|---|
Identity Server | https://$DOCKER_HOST_IP:9443 |
API Manager | https://$DOCKER_HOST_IP:9444 |
Enterprise Service Bus | https://$DOCKER_HOST_IP:9445 |
Data Service Server | https://$DOCKER_HOST_IP:9446 |
Governance Registry | https://$DOCKER_HOST_IP:9447/carbon |
Governance Registry Persistence
The Governance Registry is used to provide a shared governance partition backed by a MySQL database, as documented here. The database `registrydb` is created by the `scripts/mysql/greg-init.sql` script on start.
To test the shared governance partition set-up, navigate to the `/_system/governance` registry from any of the web consoles. Add or modify some resources, and expect the changes to be seen in the web consoles of the other components. Note that caching is disabled in the `registry.xml` file of each component.
There are two other adjustments I had to make to get this to work:
- Override the default MySQL `sql-mode` using the `conf/mysql/my.cnf` script to remove the `NO_ZERO_IN_DATE` and `NO_ZERO_DATE` restrictions. WSO2 uses `DEFAULT 0` in some of their timestamp queries.
- Disable SSL by setting the `useSSL` parameter in the JDBC connection string as seen in the `conf/<component>/master-datasources.xml` scripts. This means the components exchange database traffic with MySQL in plaintext over the Compose network.
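To see which datasources end up on a plaintext JDBC link, the following added example (not part of the compose-wso2 project) parses a file in the `master-datasources.xml` layout and reports every `jdbc:mysql` URL whose `useSSL` parameter is `false`. The embedded XML is a constructed sample; the host `wso2mysql` and the datasource names are placeholders.

```python
"""Audit JDBC URLs in a WSO2 master-datasources.xml for useSSL=false (added example)."""
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlsplit

# Constructed sample in the master-datasources.xml layout. The host "wso2mysql"
# and the datasource names are placeholders, not values from compose-wso2.
SAMPLE_XML = """\
<datasources-configuration>
  <datasources>
    <datasource>
      <name>WSO2_REG_DB</name>
      <definition type="RDBMS"><configuration>
        <url>jdbc:mysql://wso2mysql:3306/registrydb?useSSL=false</url>
      </configuration></definition>
    </datasource>
    <datasource>
      <name>WSO2_CARBON_DB</name>
      <definition type="RDBMS"><configuration>
        <url>jdbc:h2:repository/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE</url>
      </configuration></definition>
    </datasource>
  </datasources>
</datasources-configuration>
"""


def jdbc_urls(xml_text):
    """Yield (datasource name, JDBC URL) for every definition that carries a <url>."""
    root = ET.fromstring(xml_text)
    for ds in root.iter("datasource"):
        url = ds.findtext("definition/configuration/url")
        if url:
            yield ds.findtext("name", default="?"), url.strip()


def ssl_disabled(url):
    """True if a jdbc:mysql URL carries useSSL=false, False if not, None for other drivers.
    Connector/J reads useSSL from the query string after host:port/database."""
    if not url.startswith("jdbc:mysql://"):
        return None
    query = urlsplit(url[len("jdbc:"):]).query
    params = {k.lower(): v[-1].lower() for k, v in parse_qs(query).items()}
    return params.get("usessl") == "false"


def audit(xml_text):
    """Map each datasource name to "plaintext", "ssl-not-disabled" or "non-mysql"."""
    labels = {None: "non-mysql", True: "plaintext", False: "ssl-not-disabled"}
    return {name: labels[ssl_disabled(url)] for name, url in jdbc_urls(xml_text)}
```

Run `audit(open("conf/<component>/master-datasources.xml").read())` against each component directory to list the plaintext links in your own checkout.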
Single Sign-On
The Identity Server is configured to support web browser-based SSO across all the components based on the steps described here. A MySQL database is used as the backing data source to store registry and user manager data. The database `identitydb` is created by the `scripts/mysql/is-init.sql` script on start.
Instead of defining the service provider for each component via the administrator console, I specified them in the `sso-idp-config.xml` file in accordance with this example. There is an issue with logout where the Identity Server throws an `ERROR {org.wso2.carbon.identity.sso.saml.processors.LogoutRequestProcessor} - No Established Sessions corresponding to Session Indexes provided.` exception.
Since I am using Docker machine, I have to add the Identity Server hostname (`wso2identity`) to my `/etc/hosts` file. Refer to the Usage section for the updates necessary to the `/etc/hosts` file. Otherwise, by default, all the Identity Server SSO web applications will redirect SAML requests back to `localhost`.
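The `/etc/hosts` step in Usage and the redirect-to-`localhost` failure just described are easy to get wrong silently, so here is an added preflight check (example code, not part of compose-wso2) that parses a hosts file and confirms `wso2identity` maps to the address in `WSO2_GATEWAY`. The hosts text is a constructed sample, `192.168.99.100` is a placeholder gateway, and mapping a `WSO2_GATEWAY` of `localhost` to `127.0.0.1` is an assumption of this example.

```python
"""Preflight check for the wso2identity hosts entry (added example, not from compose-wso2)."""
import ipaddress
import os

# Constructed sample of an /etc/hosts file; 192.168.99.100 is a placeholder gateway.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
# Identity Server hostname for browser-based SSO
192.168.99.100 wso2identity   greg.local
::1         localhost ip6-localhost
"""


def parse_hosts(text):
    """Return {hostname: ip} for an /etc/hosts style file, ignoring comments and blanks."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            mapping.setdefault(name, ip)  # first entry wins, as the resolver does
    return mapping


def resolve_gateway(value):
    """Turn $WSO2_GATEWAY into the address the hosts entry must carry.
    Assumption: a gateway of "localhost" is expected as 127.0.0.1 in the hosts file."""
    if value == "localhost":
        return "127.0.0.1"
    return str(ipaddress.ip_address(value))  # ValueError on anything that is not an IP


def check_sso_host(hosts_text, gateway, hostname="wso2identity"):
    """Return (ok, message); ok is False when the SSO hostname is missing or points elsewhere."""
    expected = resolve_gateway(gateway)
    actual = parse_hosts(hosts_text).get(hostname)
    if actual is None:
        return False, f"{hostname} missing from hosts file; SAML requests will redirect to localhost"
    if actual != expected:
        return False, f"{hostname} maps to {actual} but WSO2_GATEWAY is {expected}"
    return True, f"{hostname} -> {actual} matches WSO2_GATEWAY"


if __name__ == "__main__":
    with open("/etc/hosts") as fh:
        print(check_sso_host(fh.read(), os.environ.get("WSO2_GATEWAY", "localhost")))
```

Run it after `source scripts/env.bash` so `WSO2_GATEWAY` is set in the environment.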
The following is a list of SSO-related TODOs:
- Fix logout issue.
- Replace the default embedded LDAP server with a Docker container as the primary user store.
Supported Environmental Variables
The default versions and port numbers of the WSO2 components, MySQL credentials and other environmental variables are defined in the `scripts/env.bash` script.
The following is the list of environmental variables that you will need to change to cater to your environment:
Variables | Description |
---|---|
COMPOSE_PROJECT_NAME | Sets the project name. Refer Compose documentation for more information. |
WSO2_GATEWAY | This should be set to either the IP address of your Docker machine, or localhost if you aren't using Docker machine. |
APIM_VERSION | Version of the API Manager |
APIM_HTTPS_PORT | Exposed HTTPS port of the API Manager |
APIM_HTTP_PORT | Exposed HTTP port of the API Manager |
DSS_VERSION | Version of the Data Service Server |
DSS_HTTPS_PORT | Exposed HTTPS port of the Data Service Server |
DSS_HTTP_PORT | Exposed HTTP port of the Data Service Server |
ESB_VERSION | Version of the Enterprise Service Bus |
ESB_HTTPS_PORT | Exposed HTTPS port of the Enterprise Service Bus |
ESB_HTTP_PORT | Exposed HTTP port of the Enterprise Service Bus |
GREG_VERSION | Version of the Governance Registry |
GREG_HTTPS_PORT | Exposed HTTPS port of the Governance Registry |
GREG_HTTP_PORT | Exposed HTTP port of the Governance Registry |
IS_VERSION | Version of the Identity Server |
IS_HTTPS_PORT | Exposed HTTPS port of the Identity Server |
IS_HTTP_PORT | Exposed HTTP port of the Identity Server |
MYSQL_VERSION | Version of the MySQL database |
MYSQL_ROOT_PASSWORD | MySQL root password |
Override MySQL Configurations
The default MySQL configurations can be overridden by adding custom configuration files, suffixed with the `.cnf` extension, to the `conf/mysql` folder. For more information, see the MySQL official repository on Docker Hub.