grouper-users - RE: [grouper-users] containerized grouper noob questions

Subject: Grouper Users - Open Discussion List

List archive

RE: [grouper-users] containerized grouper noob questions

From: "Coleman, Erik C" <>
To: Darren Boss <>, Baron Fujimoto <>, Grouper Users <>
Subject: RE: [grouper-users] containerized grouper noob questions
Date: Tue, 14 Jul 2020 16:23:09 +0000
Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=illinois.edu; dmarc=pass action=none header.from=illinois.edu; dkim=pass header.d=illinois.edu; arc=none
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ny5ewJ7kbgDIiWtwUY08VAaHxAnTghKzrUF20AF8uGk=; b=KAwV0LusZP4DHamxY6kfdI+3asrUvtWOqaAGwMJ/XBJ7feUWNJEJNSkB146STP03Fc+GncKR03YMiL70Bz4G1LNCoKUoqjszo00Eh7ph74R/9kJPUJXU49irrrf2ZyLZUMKzbD4qX4qEdYfEV82xPmedJ9fGjRkjj5YattI0Y6V7jFSva0EsNTSEE8aRqtOcug7LqkEGvpBliu4YIuvroLxAbi+XU/UUTdRlSGwMkKEe65z0NKvo2gxCHEoZCsTujaosQAEYa6nui7n98alnDeLVTOxOBeAY3Uu09tHSyGk8B0KwCEspjhb6V19s95qN7RWj3thIwPJrfj4Xc9oOaQ==
Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=je1N85PeYvVIQCmvYtPm65Mua+tN3FLxfkIOyi01jtIJlIK1ql5c0MdPoli6rm8eKsUUw/s66c9MgKHUuEkP8ubQYzHVMRTWFkR7/zrMESxzMcbgv7b0wChg/dkkrtUE0U3etW5phMCfFkJK+zZCuqXqnntX+ZWKVHi8+gEBmC7R8z9ZO9PDsmGx3EucUkqFPPeCT8gG+wyzsVv7T7Py1FhH9UUqKw/CF2OT8B6DFX5IAy6TeRYuzs2I8RmPmNBueiYf5J/0vDROAJZuAIYMYlHPmdWvhRTAtoAvyFvTUwCb5M8VbsuSPK0YvUPIq2RihrBdPt+FfI/67duHwrmHUQ==

The current container scheme does support a joint "ui-ws" role that can be
shared on the same container. But what Darren says is more realistic-- your
load balancer in the cloud would reverse-proxy based on URL, which is how we
are doing this in AWS in our production Grouper.

Thanks,
Erik Coleman
University of Illinois at Urbana-Champaign

Under the Illinois Freedom of Information Act any written communication to or
from university employees regarding university business is a public record
and may be subject to public disclosure.

-----Original Message-----
From:
<> On Behalf Of Darren Boss
Sent: Monday, July 13, 2020 9:52 PM
To: Baron Fujimoto <>; Grouper Users
<>
Subject: Re: [grouper-users] containerized grouper noob questions

One option would be to set up a reverse proxy in front of the containers that
directs traffic to the correct container based on the url pattern. That
reverse proxy is grouper.example.edu and it has rules so traffic to /grouper
goes to the ui container while /grouper-ws goes to the web services
container. In Kubernetes, this is a core part of the platform and called the
ingress controller which is typically done via Nginx.

On Mon, Jul 13, 2020 at 8:15 PM Baron Fujimoto <> wrote:
>
> On Thu, Jul 02, 2020 at 05:15:31PM -1000, Baron Fujimoto wrote:
> >We're dipping our toes in the water of containerized Grouper, generally
> >upgrading from 2.2 to 2.5. Upgrade issues aside, I have some basic
> >questions about containerized Grouper that I hope aren't too stupid. I
> >poked around the Grouper doucmentation I could find but didn't find what I
> >was looking for – I'm happy to RTFM if someone will point me to TFM.
> >
>
> Different question:
>
> Our current grouper UI and WS deployments share a common hostname and port
> (443). E.g.:
>
> UI: <https://grouper.example.edu.grouper/grouper>
> WS: <https://grouper.example.edu.grouper/grouper-ws>
>
> We achieve this by running both services out of a shared Tomcat servlet
> container. With dockerized Grouper the the best practice seems to be to run
> each service in its own docker container (each with its own Tomcat servlet
> container)? Since each service can't listen to the same port (right?),
> what is the recommended way of handling this? Just having, say, the WS,
> listen to a different port? (Assuming we want to retain the same hostname.)
> E.g.:
>
> UI: <https://grouper.example.edu.grouper/grouper>
> WS: <https://grouper.example.edu.grouper:9443/grouper>
>
> --
> UH Information Technology Services : Identity & Access Mgmt,
> Middleware minutas cantorum, minutas balorum, minutas carboratum
> desendus pantorum

--
Darren Boss
Senior Programmer/Analyst
Programmeur-analyste principal

Re: [grouper-users] containerized grouper noob questions, (continued)
- Re: [grouper-users] containerized grouper noob questions, Baron Fujimoto, 07/14/2020
  - Re: [grouper-users] containerized grouper noob questions, Darren Boss, 07/14/2020
    - RE: [grouper-users] containerized grouper noob questions, Black, Carey M., 07/14/2020
    - RE: [grouper-users] containerized grouper noob questions, Coleman, Erik C, 07/14/2020
    - Re: [grouper-users] containerized grouper noob questions, Baron Fujimoto, 07/14/2020
      - Re: [grouper-users] containerized grouper noob questions, Darren Boss, 07/15/2020
      - RE: [grouper-users] containerized grouper noob questions, Coleman, Erik C, 07/16/2020
        
        RE: [grouper-users] containerized grouper noob questions, Black, Carey M., 07/16/2020
        
        Re: [grouper-users] containerized grouper noob questions, Baron Fujimoto, 07/21/2020
        
        Re: [grouper-users] containerized grouper noob questions, Greg Haverkamp, 07/21/2020
        RE: [grouper-users] containerized grouper noob questions, Black, Carey M., 07/22/2020

List archive

RE: [grouper-users] containerized grouper noob questions