From 75a213873d050ce069e2060424b93393d41ecf9b Mon Sep 17 00:00:00 2001 From: Rick Fillion Date: Thu, 14 Jun 2018 13:23:15 -0500 Subject: [PATCH 1/3] Added instructions for what would need to be done to start op-scim on startup via docker-compose --- docker-compose/README.md | 14 ++++++++++++-- docker-compose/op-scim.service | 17 +++++++++++++++++ 2 files changed, 29 insertions(+), 2 deletions(-) create mode 100644 docker-compose/op-scim.service diff --git a/docker-compose/README.md b/docker-compose/README.md index b8d4fb7..38546fa 100644 --- a/docker-compose/README.md +++ b/docker-compose/README.md @@ -1,6 +1,6 @@ # Deploying the 1Password SCIM Bridge using Docker Compose -This example describes the simplest method of deploying the 1Password SCIM bridge, using Docker Compose. These instructions require a remote Docker host be set up and configured to be accessed by the Docker CLI. +This example describes the simplest method of deploying the 1Password SCIM bridge, using Docker Compose. These instructions require a remote Docker host be set up and configured to be accessed by the Docker CLI. Note that this deployment strategy is very useful for testing, but it is not reccomended for use in a production environment. The scimsession file is passed into the container via an environment variable, which is less secure than Docker Swarm secrets or Kubernetes secrets, both of which are supported, and reccomended. @@ -29,4 +29,14 @@ Next, edit `docker-compose.yml`, replacing `{YOUR-DOMAIN-HERE}` with the domain Running `docker-compose up --build` will now create a container from the `1password/scim` image. A redis container will also be started automatically to be used by the SCIM bridge. _After the DNS record has been propogated_, you can continue setting up your IdP with the SCIM bridge Administration Guide while monitoring the logs from the bridge on your local machine. -Once you have tested the configuration, the bridge can be exited using ctrl/cmd-c, and restarted in daemon mode using `docker-compose up -d, or deployed for production use with Docker Swarm or Kubernetes. You can access logs using `docker-compose logs` at any point in the future. \ No newline at end of file +Once you have tested the configuration, the bridge can be exited using ctrl/cmd-c, and restarted in daemon mode using `docker-compose up -d, or deployed for production use with Docker Swarm or Kubernetes. You can access logs using `docker-compose logs` at any point in the future. + +## Automatically starting the SCIM bridge upon startup + +In order to automatically start the SCIM bridge upon startup when using docker-compose you'll need to automatically start the Docker daemon, then start op-scim. + +### Systemd + +* Enable dockerd to run on startup: `systemctl enable dockerd` +* Create a service file for op-scim. A [sample file](op-scim.service) is provided and you'll need to change the path. +* Enable op-scim to run on startup: `systemctl enable op-scim` diff --git a/docker-compose/op-scim.service b/docker-compose/op-scim.service new file mode 100644 index 0000000..0476f40 --- /dev/null +++ b/docker-compose/op-scim.service @@ -0,0 +1,17 @@ +#/etc/systemd/system/op-scim.service +[Unit] +Description=1Password SCIM bridge +Requires=docker.service +After=docker.service + +[Service] +Type=oneshot +RemainAfterExit=yes +WorkingDirectory=/path/to/directory/containing/docker-compose.yml +ExecStart=/usr/local/bin/docker-compose up -d +ExecStop=/usr/local/bin/docker-compose down +TimeoutStartSec=0 + +[Install] +WantedBy=multi-user.target + From 5be11f0f0a8b1e3efd5c645519bb9b0ed4306b15 Mon Sep 17 00:00:00 2001 From: Rick Fillion Date: Thu, 14 Jun 2018 13:46:20 -0500 Subject: [PATCH 2/3] type simple --- docker-compose/op-scim.service | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-compose/op-scim.service b/docker-compose/op-scim.service index 0476f40..dc0d3ec 100644 --- a/docker-compose/op-scim.service +++ b/docker-compose/op-scim.service @@ -1,11 +1,11 @@ -#/etc/systemd/system/op-scim.service +#/etc/systemd/system/op-scim.service [Unit] Description=1Password SCIM bridge Requires=docker.service After=docker.service [Service] -Type=oneshot +Type=simple RemainAfterExit=yes WorkingDirectory=/path/to/directory/containing/docker-compose.yml ExecStart=/usr/local/bin/docker-compose up -d From 844bcf8be8a4c9227eac6a3268abaa12b34ae5c3 Mon Sep 17 00:00:00 2001 From: Rick Fillion Date: Thu, 14 Jun 2018 15:42:07 -0500 Subject: [PATCH 3/3] Better steps thanks to Andrey --- docker-compose/README.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/docker-compose/README.md b/docker-compose/README.md index 38546fa..6e9d9a4 100644 --- a/docker-compose/README.md +++ b/docker-compose/README.md @@ -33,10 +33,11 @@ Once you have tested the configuration, the bridge can be exited using ctrl/cmd- ## Automatically starting the SCIM bridge upon startup -In order to automatically start the SCIM bridge upon startup when using docker-compose you'll need to automatically start the Docker daemon, then start op-scim. +In order to automatically launch the 1Password SCIM bridge upon startup when using docker-compose you'll need to automatically start the Docker daemon, then start op-scim. ### Systemd -* Enable dockerd to run on startup: `systemctl enable dockerd` -* Create a service file for op-scim. A [sample file](op-scim.service) is provided and you'll need to change the path. -* Enable op-scim to run on startup: `systemctl enable op-scim` +1. Install the service file for op-scim. A [sample](op-scim.service) is provided and you'll need to change the path. +2. Reload systemd: `systemctl daemon-reload` +3. Enable the op-scim service: `systemctl enable op-scim` +