Ping Identity DevOps Docker Image -
This docker image includes the Ping Identity PingDataSync product binaries and associated hook scripts to create and run a PingDataSync instance.
Related Docker Images ¶
pingidentity/pingbase- Parent Image
This image inherits, and can use, Environment Variables from pingidentity/pingbase
pingidentity/pingdatacommon- Common Ping files (i.e. hook scripts)
Environment Variables ¶
In addition to environment variables inherited from pingidentity/pingbase,
the following environment
ENV variables can be used with
|Files tailed once container has started
|PD License directory. This value is set from the pingbase docker file
|Name of license file
|Short name used when retrieving license from License Server
|Version used when retrieving license from License Server
|Ping product name
|The command that the entrypoint will execute in the foreground to instantiate the container
|The command-line options to provide to the the startup command when the container starts with the server in the foreground. This is the normal start flow for the container
|The default retry timeout in seconds for manage-topology and remove-defunct-server
|Failover administrative user
|Location of file with the root user password (i.e. cn=directory manager). Defaults to /SECRETS_DIR/root-user-password
|Location of file with the admin password, used as the password replication admin Defaults to /SECRETS_DIR/admin-user-password
|Location of the keystore file containing the server certificate. If left undefined, the SECRETS_DIR will be checked for a keystore. If that keystore does not exist, the server will generate a self-signed certificate.
|Location of the pin file for the keystore defined in KEYSTORE_FILE. You must specify a KEYSTORE_PIN_FILE when a KEYSTORE_FILE is present. This value does not need to be defined when allowing the server to generate a self-signed certificate.
|Format of the keystore defined in KEYSTORE_FILE. One of "jks", "pkcs12", "pem", or "bcfks" (in FIPS mode). If not defined, the keystore format will be inferred based on the file extension of the KEYSTORE_FILE, defaulting to "jks".
|Location of the truststore file for the server. If left undefined, the SECRETS_DIR will be checked for a truststore. If that truststore does not exist, the server will generate a truststore, containing its own certificate.
|Location of the pin file for the truststore defined in TRUSTSTORE_FILE. You must specify a TRUSTSTORE_PIN_FILE when a TRUSTSTORE_FILE is present. This value does not need to be defined when allowing the server to generate a truststore.
|Format of the truststore defined in TRUSTSTORE_FILE. One of "jks", "pkcs12", "pem", or "bcfks" (in FIPS mode). If not defined, the truststore format will be inferred based on the file extension of the TRUSTSTORE_FILE, defaulting to "jks".
|Directory for the profile used by the PingData manage-profile tool
|Setting this variable to true speeds up server startup time by skipping an unnecessary JVM check.
|Whether this container is running as a Pod in a Kubernetes StatefulSet, and that StatefulSet is using the Parallel podManagementPolicy. This property allows for starting up Pods in parallel to speed up the initial startup of PingDataSync topologies. This variable must be set to true when using the Parallel podManagementPolicy. Note: when using parallel startup, ensure the RETRY_TIMEOUT_SECONDS variable is large enough. The pods will be enabling replication simultaneously, so some pods will have to retry while waiting for others to complete. If the timeout is too low, a Pod may end up restarting unnecessarily.
|Set to true to skip the waiting for DNS step that is normally done just before attempting to join the topology.
|There is an additional certificate-based variable used to identity the certificate alias used within the
KEYSTORE_FILE. That variable is called
CERTIFICATE_NICKNAME, which identifies the certificate to use by the server in the
KEYSTORE_FILE. If a value is not provided, the container will look at the list certs found in the
KEYSTORE_FILE and if one - and only one - certificate is found of type
PrivateKeyEntry, that alias will be used.
|Sets the number of columns in PingDataSync command-line tool output
Ports Exposed ¶
The following ports are exposed from the container. If a variable is used, then it may come from a parent container
Running a PingDataSync container ¶
docker run \
--name pingdatasync \
--publish 1389:1389 \
--publish 8443:1443 \
--env SERVER_PROFILE_URL=https://github.com/pingidentity/pingidentity-server-profiles.git \
--env SERVER_PROFILE_PATH=simple-sync/pingdatasync \
--env PING_IDENTITY_ACCEPT_EULA=YES \
--env PING_IDENTITY_DEVOPS_USER \
--env PING_IDENTITY_DEVOPS_KEY \
--tmpfs /run/secrets \
Docker Container Hook Scripts ¶
Please go here for details on all pingdatasync hook scripts
This document is auto-generated from pingdatasync/Dockerfile
Copyright © 2024 Ping Identity Corporation. All rights reserved.