Legacy to Docker: Lessons Learned Containerizing Unison and OpenUnison and S2I
With Demo of Identity Management for OpenShift
What is Unison/OpenUnison?
• Identity Management Solution
• User Provisioning
• Self Service
• LDAP Virtual Directory
• SSO & Web Access Management
• Java Application
• Multiple Services
• Reverse Proxy / Identity Provider
• LDAP Virtual Directory
• Administrative Interface
• Web Services
OpenUnison Source2Image
• J2EE Application
• War File
• Built using Maven
• Requires Keystore
• Image Requirements
• Servlet Container
• TLS
• Java 1.8
• Source2Image - https://github.com/openshift/source-to-image
First Rule of Creating Docker Images
Don’t Talk About Creating Docker Images
Don’t Treat Containers Like VMs
Challenges
• No Static IP Addresses
• Persistent Volumes
• File System Permissions
• Consistency
• Not Requiring “Base” Image
• RHEL vs CentOS
• OpenShift
• Logging
Architecture (Pre-Docker)
Architecture (Docker)
Lessons Learned
• Security
• Users in container vs host
• Don’t run as root
• OpenShift – Running as a random user
• Conflict with Docker Hub images
• Persistent Volumes
• OpenShift – Can’t guarantee PV->PVC Mapping
• Minimize number of persistent volumes
• Permissions – Other readable
• Odd issues
Demo Environment