While following the instructions to build the CoManage Shibboleth Docker container in a VM with .75gb RAM, the following error is generated in step 12/42 of the build:

/bin/bash ../libtool --silent --tag=CXX --mode=compile g++ -DHAVE_CONFIG_H -I. -I.. -I/opt/shibboleth-sp/include -pthread -Wall -fPIC -O2 -DNDEBUG -pthread -Wall -O2 -DNDEBUG -MT saml1/core/impl/ProtocolsImpl.lo -MD -MP -MF $depbase.Tpo -c -o saml1/core/impl/ProtocolsImpl.lo saml1/core/impl/ProtocolsImpl.cpp &&
mv -f $depbase.Tpo $depbase.Plo
g++: internal compiler error: Killed (program cc1plus)
Please submit a full bug report,
with preprocessed source if appropriate.
See file:///usr/share/doc/gcc-4.9/README.Bugs for instructions.
make[2]: *** [saml1/core/impl/AssertionsImpl.lo] Error 1
make[2]: *** Waiting for unfinished jobs....
Makefile:1143: recipe for target 'saml1/core/impl/AssertionsImpl.lo' failed
make[2]: Leaving directory '/var/www/html/src/saml'
make[1]: *** [all-recursive] Error 1
make: *** [all] Error 2
Makefile:562: recipe for target 'all-recursive' failed
make[1]: Leaving directory '/var/www/html/src'
Makefile:469: recipe for target 'all' failed`

If a VM with more RAM is used (I've tested 3GB), there are no errors, and the compilation proceeds as expected. Perhaps some guidance regarding system specs might be useful in the README, since the error message generated is unhelpful?

Could have an environment variable to indicate need for supported but non-core plugin and have the entrypoint script do the work.

No one can help you, you must face the Gazebo alone... ;)

"https://github.com/Internet2/comanage-registry-docker/tree/master/comanage-registry-basic-auth" <--- email.php is called database.php.

When I try and build the containers, I get the error

W: Failed to fetch http://deb.debian.org/debian/dists/jessie-updates/InRelease  Unable to find expected entry 'main/binary-amd64/Packages' in Release file (Wrong sources.list entry or malformed file)

E: Some index files failed to download. They have been ignored, or old ones used instead.

I implemented this fix in the Dockerfile by adding

RUN printf "deb http://archive.debian.org/debian/ jessie main\ndeb-src http://archive.debian.org/debian/ jessie main\ndeb http://security.debian.org jessie/updates main\ndeb-src http://security.debian.org jessie/updates main" > /etc/apt/sources.list

right at the top and it worked.

When running docker(s) we mount in /etc/passwd & group to be able to track users across containers; this is all neat when the dockerized applications do chown/chmod but horrible if they don't. When running the "comanage-registry-shibboleth-sp" we get a working key and cert, because they are chmod'ed and chown'ed, but a non-working shibboleth2.xml as it is only chmod'ed. Is it possible to get a chown on the xml as well? :) We have to run "chmod 666" on it now for it to load at all... ;(

(I'm also curious as to why /opt/shibboleth-sp is used as a minichroot for shib, or is it? Can't figure if it does or does not use /etc/shibboleth at all...)

The containers make a copy of the certificates stored in the secret files, rather than using them directly. The reason is likely so that the various start.sh scripts can fix the ownership and permissions of these files. However, this means that to renew a cert the container must be stopped and restarted.

It is possible to set the permissions and ownership of a secret in the compose file. This currently works with stacks, but would require the use of stacks until secrets are implemented in the compose files until secrets are supported by compose docker/compose#6358

@skoranda I'm happy to implement this once docker/compose#6358 is fixed, if you agree.

Similar to this one: ("https://github.com/einar/docker-rt-swamid/blob/master/README.md"). To be able to better grasp what's what, how to do stuff, in what order and especially why. :) Does NOT have to include everything (the linked document doesnt) but it tries to give a step-by-step.

If it's possible to change values using environment variables in docker-compose instead of in the images that'd also be great to mention in this general HowTo.

Everything starts fine (except for Apache whining about ServerName) but when I load the frontpage I get a bunch of errors (frontpage still loads fine though so might be nothing or be due to missing ServerName):

comanage-registry_1 | 2017-06-08 13:22:27 Notice: Notice (8): Undefined variable: buttonClasses in [/srv/comanage-registry/app/View/Elements/menuUser.ctp, line 168]
comanage-registry_1 | Trace:
comanage-registry_1 | ErrorHandler::handleError() - CORE/Cake/Error/ErrorHandler.php, line 230
comanage-registry_1 | include - APP/View/Elements/menuUser.ctp, line 168
comanage-registry_1 | View::_evaluate() - CORE/Cake/View/View.php, line 971
comanage-registry_1 | View::_render() - CORE/Cake/View/View.php, line 933
comanage-registry_1 | View::_renderElement() - CORE/Cake/View/View.php, line 1224
comanage-registry_1 | View::element() - CORE/Cake/View/View.php, line 418
comanage-registry_1 | include - APP/View/Layouts/default.ctp, line 180
comanage-registry_1 | View::_evaluate() - CORE/Cake/View/View.php, line 971
comanage-registry_1 | View::_render() - CORE/Cake/View/View.php, line 933
comanage-registry_1 | View::renderLayout() - CORE/Cake/View/View.php, line 546
comanage-registry_1 | View::render() - CORE/Cake/View/View.php, line 481
comanage-registry_1 | Controller::render() - CORE/Cake/Controller/Controller.php, line 963
comanage-registry_1 | PagesController::display() - APP/Controller/PagesController.php, line 129
comanage-registry_1 | ReflectionMethod::invokeArgs() - [internal], line ??
comanage-registry_1 | Controller::invokeAction() - CORE/Cake/Controller/Controller.php, line 491
comanage-registry_1 | Dispatcher::_invoke() - CORE/Cake/Routing/Dispatcher.php, line 193
comanage-registry_1 | Dispatcher::dispatch() - CORE/Cake/Routing/Dispatcher.php, line 167
comanage-registry_1 | [main] - APP/webroot/index.php, line 96

As it is the example is for the Shibbolized version. It would be nice to have one for every different combo as, for example, volumes and names change. With working default values (as far as is feasible) it would make it easier for the users to get started.

The example(s) of database.php use "password" whilst the postgres-image uses "tigger" as password, this is confusing (and I think an oversight)? :)

I miss a (documented) way to set hostname/servername in the "comanage-registry"; this makes all handling of certificates tricky. I guessed HOST_NAME environment would work as it was mentioned in the Dockerfile but it seems not to.

...and with this I mean 2 things.

1. I wish the password file would be created automagically with defaults in it (admin:password). (With a check that the file doesnt exist if it's to be edited and mounted later). :)
2. A bootstrap(.sh) that includes everything that's in the README for the build options, using defaults that (could) work like John Doe & admin (or whatever was entered in the passwd-file) and instructions on how to use it. Even better if it also creates the db/email-config files (with working defaults for the database) and notifies the user where to (by default, according to compose) put these.

With this (hopefully) a user would just have to checkout this, run bootstrap and then go on to the database-image.