Configuring Bitnami PostgreSQL Docker Image with WSO2 Identity Server
In this blog post I am going to discuss how to configure the Bitnami PostgreSQL 10.12.0 Docker image with WSO2 Identity Server 5.10.0. You can find documentation on configuring PostgreSQL with WSO2 Identity Server, as well as on configuring the PostgreSQL Docker image with WSO2 Identity Server. Here, however, we are talking about the Bitnami version of PostgreSQL. First, let's find out what the differences are between the Bitnami PostgreSQL Docker image and the official PostgreSQL Docker image.
Wait..!! Do you know what Bitnami is?
As we know very well, configuring a development environment on a local machine can be a little complicated for anyone, especially for newbies. Sometimes there are many configurations to make and some can be missed, so we need to configure everything again. With Bitnami we can do these configurations easily because Bitnami takes care of them. Bitnami makes it easy to get your favourite open source software up and running on any platform, including your laptop, Kubernetes and all the major clouds.
There are two major differences between the Bitnami PostgreSQL and the official PostgreSQL Docker images.
The official image does not support replication environment variables. It only supports the POSTGRES_USER, POSTGRES_DB, POSTGRES_PASSWORD, POSTGRES_INITDB_ARGS, POSTGRES_INITDB_WALDIR and PGDATA environment variables. All other configurations are specific to the Bitnami version.
Also, the Bitnami image is non-root by default. Why do we need non-root images? The main reason is security. If there is a security issue in the image, running it as a non-root user gives an extra layer of protection: malicious code cannot simply gain elevated permissions, because the container's processes run as an unprivileged user.
When it comes to Kubernetes, some distributions run containers with random user IDs (UIDs). A root-only container always requires the root user's UID, so it cannot be used on distributions like OpenShift.
These are the advantages that we can gain by using a non-root container. For more information please refer to this documentation :-).
I hope you got an idea about the Bitnami PostgreSQL. Let’s do the wiring.
As the first stage we need to get the Bitnami PostgreSQL Docker image onto our local machine. You can get any version that you need by visiting here. For this post I am using version 10.12.0. You can pull the 10.12.0 image by executing the following command in the terminal.
docker pull bitnami/postgresql:10.12.0
After successfully pulling the Docker image we need to run it. You can execute the following command in the terminal for that.
docker run -d -p 5432:5432 --name bitnami-postgres -e POSTGRESQL_PASSWORD=wso2carbon bitnami/postgresql:10.12.0
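In this command I used bitnami-postgres as the container name. You can choose any name you prefer here. Note that -p 5432:5432 publishes the PostgreSQL port on all host interfaces, and that the password wso2carbon is passed on the command line; both are acceptable only for a local test setup like this one.
After executing that command you can view the running PostgreSQL container by executing the following command in the terminal.
Here you will see a description of the running PostgreSQL Docker container. Now we need to log in to the running container to create a user and a database for our usage. Let’s go step by step.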
With the following command you can log in to the running Bitnami PostgreSQL container.
docker exec -i -t bitnami-postgres /bin/bash
After logging in to the container we need to create a user for our database.
createuser -U postgres USER_NAME -S -D -R -P
Here we can replace USER_NAME with a username of our choice. For this example I am using the username regadmin.
createuser -U postgres regadmin -S -D -R -P
When you execute this command you will be prompted to enter a password for the new role (the -P flag). Set a password and hit enter, then enter the password again. When you hit enter again, you will be prompted for the postgres role password. This is the password that we set in the docker run command previously; in this example it is wso2carbon. Enter the postgres role password and hit enter. Now you have successfully created a user. Keep in mind that this user is not a root user: the -S, -D and -R flags mean it is not a superuser and does not have the privileges for creating new databases or new roles. Let’s move to the next step.
Here we are going to create a new database to store our required data. You can use the following command for that.
createdb -U postgres DATABASE_NAME -O USER_NAME
For DATABASE_NAME you can use any name you prefer for the database, and for USER_NAME you can use the user created above as the owner of this database. For this example I will be using them as follows.
createdb -U postgres testdb -O regadmin
Now you have successfully created a database with an owner. Next you have to log in to the SQL command line in order to grant permissions to the created user. To log in to the SQL command line you can execute the following command.
psql -U postgres
This will require you to enter the postgres role password, which for this example is wso2carbon. It was set in the run command for the container. After you execute the above command you will be in the SQL command line. Now grant all privileges on the database to the created user by executing the following command.
grant all privileges on database DATABASE_NAME to USER_NAME;
For this example, the following command will do the trick.
grant all privileges on database testdb to regadmin;
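The createuser, createdb and grant steps above, collected into one non-interactive script (an added example, not part of the original post). The function names and the POSTGRES_ADMIN_PW and ROLE_PW environment variables are assumptions; the container, role and database names are the ones used in this post.

```shell
#!/bin/sh
# Added example: non-interactive form of the createuser / createdb / grant steps.
LC_ALL=C; export LC_ALL   # make the a-z ranges below byte-exact

# Accept only plain lowercase identifiers (max 63 bytes), so a role or
# database name can never smuggle SQL into the statements built below.
valid_ident() {
  case "$1" in
    ''|[!a-z_]*|*[!a-z0-9_]*) return 1 ;;
  esac
  [ "${#1}" -le 63 ]
}

# Print the SQL equivalent of the three manual steps:
#   createuser -S -D -R -P ROLE ; createdb -O ROLE DB ; grant all privileges ...
# The role password is left as the psql variable :'pw' so psql quotes it.
provision_sql() {
  role=$1 db=$2
  valid_ident "$role" && valid_ident "$db" || return 1
  cat <<EOF
CREATE ROLE $role LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE PASSWORD :'pw';
CREATE DATABASE $db OWNER $role;
GRANT ALL PRIVILEGES ON DATABASE $db TO $role;
EOF
}

# Feed the SQL to psql inside the container. POSTGRES_ADMIN_PW and ROLE_PW are
# assumed environment variables holding the postgres and new-role passwords.
provision() {
  container=$1
  sql=$(provision_sql "$2" "$3") || { echo "invalid role or database name" >&2; return 1; }
  printf '%s\n' "$sql" |
    docker exec -i -e PGPASSWORD="$POSTGRES_ADMIN_PW" "$container" \
      psql -U postgres -v ON_ERROR_STOP=1 -v pw="$ROLE_PW"
}

# Only touch Docker when asked to: sh provision.sh --apply
if [ "${1:-}" = "--apply" ]; then
  provision bitnami-postgres regadmin testdb
fi
```

Run without arguments the script only defines the functions; with --apply it executes the statements as the postgres role and stops at the first error.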
Now you are just one step away from completing the database. You need to execute the WSO2 Identity Server database scripts that must be present in the PostgreSQL database. You can find all the database scripts in the <IS_HOME>/dbscripts directory. You can refer to this document to learn which scripts must be executed to fulfil your requirement.
For this example I am going to store my user management data and registry data in the PostgreSQL database, so I must execute the <IS_HOME>/dbscripts/postgresql.sql script. You can copy the required file into the Docker container and execute the script with the \i command after logging in to the SQL command line (psql), or you can use a database client like DBeaver for this part. In DBeaver you can connect to the PostgreSQL database, open the required SQL scripts and execute them.
Ok guys… You are done, right :-) We have now successfully created the database that we need. Next we have to wire it to WSO2 Identity Server.
As I mentioned before, I am only adding my user management data and registry data to the PostgreSQL database. So I only need to configure the SHARED_DB of WSO2 Identity Server to connect to the PostgreSQL database. You can add the following configurations to the deployment.toml file in the <IS_HOME>/repository/conf/ directory.
After adding the above configurations, please make sure to comment out the existing H2 database configurations of [database.shared_db] and [user_store] in the deployment.toml file.
Up to here we have written an exam. Let’s check out the results of this exam :-).
You can start WSO2 Identity Server by going to <IS_HOME>/bin and executing wso2server.sh on Linux/Unix environments or wso2server.bat on Windows environments. As a check, do the following. After WSO2 Identity Server has started, log in to the Management Console at https://localhost:9443/carbon with admin as both the username and the password. Now try to create a user and check whether the created user is in the UM_USER table of the configured PostgreSQL database. If that user is there in a healthy manner,
Congratulations mate..!!!! You have successfully passed the examination with the highest score.
Hope this will help you with your work.
Let’s meet in another blog, guys.
See you soon!