From a43d749ec5537e649a1c7508f2e68155dd5e9a10 Mon Sep 17 00:00:00 2001 From: Henry Avetisyan Date: Mon, 17 Jul 2017 19:26:16 -0700 Subject: [PATCH] #173 update docker run command to specify exposed port numbers and hostname --- docker/start.sh | 8 ++++++-- docs/setup_docker.md | 46 +++++++++++++++++++++++--------------------- 2 files changed, 30 insertions(+), 24 deletions(-) diff --git a/docker/start.sh b/docker/start.sh index ee2ae1edfe3..e26de57a39a 100755 --- a/docker/start.sh +++ b/docker/start.sh @@ -75,8 +75,12 @@ fi echo "---starting athenz ui---" cd /opt/athenz/athenz-ui*/ -export ZMS_SERVER=$public_hostname -export UI_SERVER=$public_hostname +if [ -z "${ZMS_SERVER}" ]; then + export ZMS_SERVER=$public_hostname +fi +if [ -z "${UI_SERVER}" ]; then + export UI_SERVER=$public_hostname +fi bin/athenz_ui start cd /opt/athenz/athenz-zts*/var/zts_server/keys diff --git a/docs/setup_docker.md b/docs/setup_docker.md index e17eeef98c5..9a13e5c1312 100644 --- a/docs/setup_docker.md +++ b/docs/setup_docker.md @@ -10,18 +10,12 @@ --------------- ### Docker ------------ +---------- Please checkout https://docs.docker.com/engine/installation/ for docker installation. ## Launch instance -------------------- - -Once docker is successfully installed, launch Athenz by executing the following docker command: - -```shell -$ docker run -itd -P athenz/athenz -``` +------------------ The docker container includes all three Athenz Services - ZMS, ZTS and UI. Internally they're running on the following ports: 
@@ -32,25 +26,31 @@ they're running on the following ports: | ZTS | 8443 | | UI | 9443 | -To access these services, first determine the corresponding ports exposed by docker. -Run the following commands to extract the container id assigned to the `athenz/athenz` -image and then use extracted container id as the value for the CONTAINER_ID parameter -in the second command to inspect the ports exposed by docker: +and those three ports must be exposed and available on the docker host as well. + +Once docker is successfully installed, launch Athenz by executing the following docker command. ```shell -$ docker ps --filter "ancestor=athenz/athenz" -q -$ docker inspect --format '{{json .NetworkSettings.Ports}}' CONTAINER_ID +$ docker run -itd -p 9443:9443 -p 4443:4443 -p 8443:8443 -e ZMS_SERVER= -e UI_SERVER= athenz/athenz ``` -The output from the inspect command would be similar to: +To access Athenz UI, open your browser with url -`{"4443/tcp":[{"HostIp":"0.0.0.0","HostPort":"32776"}],"8443/tcp":[{"HostIp":"0.0.0.0","HostPort":"32775"}],"9443/tcp":[{"HostIp":"0.0.0.0","HostPort":"32774"}]}` +``` +https://:9443/athenz +``` -In this setup UI port 9443 is exposed on port 32774. So to access Athenz UI from -the same box, open the web browser with url https://localhost:32774. Since the -services are running with self-signed certificates, configure your browser to +Since the services are running with self-signed certificates, configure your browser to ignore the warnings regarding the UI server certificate. +The administrator must first access the ZMS Server endpoint in the browser to +accept the exception since the Athenz UI contacts ZMS Server to get an authorized +token for the user when logging in. The administrator must access: + +``` +https://:4443/zms/v1/schema +``` + The container is configured with the following default user details: | User | Password | 
@@ -59,7 +59,7 @@ The container is configured with the following default user details: ## Start/Stop Athenz ------------------------ +-------------------- Run `docker ps` to get the CONTAINER_ID first and then use the extracted container id with docker stop command: @@ -69,9 +69,11 @@ $ docker ps --filter "ancestor=athenz/athenz" -q $ docker stop CONTAINER_ID ``` -To start Athenz, execute the following command (replace CONTAINER_ID with -the extract id from the docker ps command): +To start Athenz, execute the following commands first to determine the stopped +Athenz container id and then start the container with docker start command: ```shell +$ docker container ls -a $ docker start CONTAINER_ID ``` +
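Review bot: In docker/start.sh, the two new `if [ -z ... ]` blocks leave `$public_hostname` unquoted in the fallback assignment and say nothing about where an override would come from. Each block can be written as one line, `export ZMS_SERVER="${ZMS_SERVER:-$public_hostname}"` (and the same for `UI_SERVER`), which keeps the current behaviour: an unset or empty value falls back to the public hostname. A one-line comment that these variables may be passed in with `docker run -e` would tie the script to the docs change. Since `bin/athenz_ui start` runs right after, a check that both variables are non-empty after the fallback would catch a container started with no usable hostname.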
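Review bot: In docs/setup_docker.md, hunk `@@ -32,25 +26,31 @@`, the new `docker run` line passes `-e ZMS_SERVER= -e UI_SERVER=` with nothing after the equals signs, and the two URLs read `https://:9443/athenz` and `https://:4443/zms/v1/schema` with no host, so the reader is never told what value to supply. Use a named placeholder in all four places and add a sentence saying it must be the hostname the browser will use to reach the docker host. Two further points on the same hunk: `-p 9443:9443 -p 4443:4443 -p 8443:8443` publishes the ports on every interface of the docker host, while the container ships with the default user listed in the table that follows and with self-signed certificates the text tells the administrator to accept, so the doc should say this setup is for evaluation and show the loopback form (`-p 127.0.0.1:9443:9443`) for single-machine use. The sentence starting "and those three ports must be exposed" begins lowercase after the table and reads better as its own sentence.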
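Review bot: In docs/setup_docker.md, hunk `@@ -69,9 +69,11 @@`, the added `$ docker container ls -a` lists every container on the host, while the stop instructions just above use `docker ps --filter "ancestor=athenz/athenz" -q` to return only the Athenz container id. Using `docker ps -a --filter "ancestor=athenz/athenz" -q` here would keep the two sections consistent and avoid starting the wrong container on a host that runs others. The new sentence says "execute the following commands first" although only the first command is the lookup step; "execute the first command to find the stopped container id, then start it" matches the two lines in the block.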