Ping Identity DevOps Docker Image - pingaccess ¶
This docker image includes the Ping Identity PingAccess product binaries and associated hook scripts to create and run both PingAccess Admin and Engine nodes.
Related Docker Images ¶
pingidentity/pingbase- Parent ImageThis image inherits, and can use, Environment Variables from pingidentity/pingbase
pingidentity/pingcommon- Common Ping files (i.e. hook scripts)
Environment Variables ¶
In addition to environment variables inherited from pingidentity/pingbase,
the following environment ENV variables can be used with
this image.
| ENV Variable | Default | Description |
|---|---|---|
| SHIM | ${SHIM} | |
| IMAGE_VERSION | ${IMAGE_VERSION} | |
| IMAGE_GIT_REV | ${IMAGE_GIT_REV} | |
| DATE | ${DATE} | |
| PING_PRODUCT_VERSION | ${VERSION} | |
| PING_PRODUCT | PingAccess | Ping product name |
| LICENSE_DIR | ${SERVER_ROOT_DIR}/conf | License directory |
| LICENSE_FILE_NAME | pingaccess.lic | Name of license file |
| LICENSE_SHORT_NAME | PA | Short name used when retrieving license from License Server |
| LICENSE_VERSION | ${LICENSE_VERSION} | Version used when retrieving license from License Server |
| OPERATIONAL_MODE | STANDALONE | |
| PA_ADMIN_PASSWORD_INITIAL | 2Access | |
| PING_IDENTITY_PASSWORD | 2FederateM0re | Specify a password for administrator user for interaction with admin API |
| STARTUP_COMMAND | ${SERVER_ROOT_DIR}/bin/run.sh | The command that the entrypoint will execute in the foreground to instantiate the container |
| TAIL_LOG_FILES | ${SERVER_ROOT_DIR}/log/pingaccess.log | Files tailed once container has started |
| PA_ADMIN_PORT | 9000 | Default port for PA Admin API and console Ignored when using PingIdentity Helm charts |
| PA_ADMIN_CLUSTER_PORT | 9090 | Default port when clustering PA primary administrative node Ignored when using PingIdentity Helm charts |
| JAVA_RAM_PERCENTAGE | 60.0 | Percentage of the container memory to allocate to PingAccess JVM DO NOT set to 100% or your JVM will exit with OutOfMemory errors and the container will terminate |
| FIPS_MODE_ON | false | Turns on FIPS mode (currently with the Bouncy Castle FIPS provider) set to exactly "true" lowercase to turn on set to anything else to turn off |
| SHOW_LIBS_VER | true | Defines a variable to allow showing library versions in the output at startup default to true |
| SHOW_LIBS_VER_PRE_PATCH | false | Defines a variable to allow showing library version prior to patches being applied default to false This is helpful to ensure that the patch process updates all libraries affected |
| PA_ENGINE_PORT | 3000 | |
| ADMIN_WAITFOR_TIMEOUT | 300 | wait-for timeout for 80-post-start.sh hook script How long to wait for the PA Admin console to be available |
Ports Exposed ¶
The following ports are exposed from the container. If a variable is used, then it may come from a parent container
- ${PA_ADMIN_PORT}
- ${PA_ENGINE_PORT}
- ${HTTPS_PORT}
Running a PingAccess container ¶
To run a PingAccess container:
docker run \
--name pingaccess \
--publish 9000:9000 \
--publish 443:1443 \
--detach \
--env SERVER_PROFILE_URL=https://github.com/pingidentity/pingidentity-server-profiles.git \
--env SERVER_PROFILE_PATH=getting-started/pingaccess \
--env PING_IDENTITY_ACCEPT_EULA=YES \
--env PING_IDENTITY_DEVOPS_USER \
--env PING_IDENTITY_DEVOPS_KEY \
--tmpfs /run/secrets \
pingidentity/pingaccess:edge
Follow Docker logs with:
docker logs -f pingaccess
If using the command above with the embedded server profile, log in with:
- https://localhost:9000
- Username: Administrator
- Password: 2FederateM0re
Docker Container Hook Scripts ¶
Please go here for details on all pingaccess hook scripts
This document is auto-generated from pingaccess/Dockerfile
Copyright © 2023 Ping Identity Corporation. All rights reserved.