Legacy to Docker - Lessons Learned and Demo of OpenUnison

Post on 16-Jan-2017


Legacy to Docker: Lessons Learned Containerizing Unison and OpenUnison and S2I

With Demo of Identity Management for OpenShift

What is Unison/OpenUnison?
• Identity Management Solution
• User Provisioning
• Self Service
• LDAP Virtual Directory
• SSO & Web Access Management

• Java Application
• Multiple Services
• Reverse Proxy / Identity Provider
• LDAP Virtual Directory
• Administrative Interface
• Web Services

OpenUnison Source2Image
• J2EE Application
• War File
• Built using Maven
• Requires Keystore
• Image Requirements
• Servlet Container
• TLS
• Java 1.8

• Source2Image - https://github.com/openshift/source-to-image

First Rule of Creating Docker Images

Don’t Talk About Creating Docker Images

First Rule of Creating Docker Images

Don’t Treat Containers Like VMs

Challenges
• No Static IP Addresses
• Persistent Volumes
• File System Permissions
• Consistency
• Not Requiring “Base” Image
• RHEL vs CentOS
• OpenShift
• Logging

Architecture (Pre-Docker)

Architecture (Docker)

Lessons Learned
• Security
• Users in container vs host
• Don’t run as root
• OpenShift – Running as a random user
• Conflict with Docker Hub images

• Persistent Volumes
• OpenShift – Can’t guarantee PV->PVC Mapping
• Minimize number of persistent volumes

• Permissions – Other readable
• Odd issues

Demo Environment
