Task #1581

closed

New testing environment - MSSQL

Added by Petr Fišer about 5 years ago. Updated almost 4 years ago.

Status: Closed
Priority: Normal
Assignee: Luděk Urban
Category: -
Target version: -
Start date: 03/26/2019
Due date:
% Done: 0%
Estimated time:
Owner:

Description

Create / use some sensible MSSQL docker image.
This image will then be used as a base image for:
  • czechidm repository
  • end system (db table on mssql)
Task: primary task is to create mssql docker image (with compose file) to serve as repository for the CzechIdM.

(similar to task #1580, we should be able to run on both RDBMSes)

Ticket objective update 18.6.2020

With Docker, create a backend MSSQL database for IdM suitable for production usage.

Actions #1

Updated by Luděk Urban about 5 years ago

  • Assignee set to Luděk Urban

I use the official docker image for mssql. It works completely fine.
I also started making a compose file, but when I test it the containers won't start properly.
Both containers are constantly restarting themselves.

NOT FINAL version of compose file:

version: '2.1'

services:
  mssql1:
    image: mcr.microsoft.com/mssql/server:2017-latest-ubuntu
    container_name: test_mssql_1
    hostname: test_mssql_1
    environment:
      ACCEPT_EULA: "Y"
      SA_PASSWORD: "SuperHeslo1"
      MSSQL_PID: "Express"
    ports:
      - "1433:1433"
    restart: always

  mssql2:
    image: mcr.microsoft.com/mssql/server:2017-latest-ubuntu
    container_name: test_mssql_2
    hostname: test_mssql_2
    environment:
      ACCEPT_EULA: "Y"
      SA_PASSWORD: "SuperHeslo1"
      MSSQL_PID: "Express"
    ports:
      - "1434:1433"
    restart: always

Actions #2

Updated by Luděk Urban about 5 years ago

When I checked my test compose file I realized that I made a syntax error while saving it.
The fix solves the container restarting bug.

installation tutorial

mkdir mssql
cd mssql

create file: docker-compose.yml

version: '2.1'

services:
  mssql1:
    image: mcr.microsoft.com/mssql/server:2017-latest-ubuntu
    container_name: test_mssql_1
    hostname: test_mssql_1
    environment:
      ACCEPT_EULA: "Y"
      SA_PASSWORD: "SuperHeslo1"
      MSSQL_PID: "Express"
    ports:
      - "1433:1433"
    restart: always

  mssql2:
    image: mcr.microsoft.com/mssql/server:2017-latest-ubuntu
    container_name: test_mssql_2
    hostname: test_mssql_2
    environment:
      ACCEPT_EULA: "Y"
      SA_PASSWORD: "SuperHeslo1"
      MSSQL_PID: "Express"
    ports:
      - "1434:1433"
    restart: always

docker-compose up

MSSQL servers will start listening on ports 1433 (test_mssql_1) and 1434 (test_mssql_2).

Actions #3

Updated by Luděk Urban almost 4 years ago

  • Description updated

Actions #4

Updated by Luděk Urban almost 4 years ago

  • Status changed from New to In Progress

Actions #5

Updated by Luděk Urban almost 4 years ago

I created a local testing CentOS 8 environment to check the compose file with podman.
MSSQL started and I connected under user SA.

Now I must automatically create user and database for IdM.
Then I will test that database for IdM backend.

Actions #6

Updated by Luděk Urban almost 4 years ago

  • Parent task changed from #1486 to #2334

Actions #8

Updated by Luděk Urban almost 4 years ago

Plan for mssql IdM usage. Because the mssql container requires the SA password to be set from a variable, we must change it later, where the source of the new password will be a secret file.
We also need to execute a script which will create the czechidm user and the database for czechidm.

With this plan I tried to load an empty script into the container via the compose file to test whether I am able to load files.

When I added this configuration, the file in the container was created but with unknown permissions (there were literally "???????" in the ls -lah listing) and the mssql user can't open it.

 volumes:
    - type: bind
      source: ./init_idm_mssql.sh
      target: /run/init_idm_mssql.sh
      read_only: false

Then I tried to share the whole directory:

volumes:
    - /opt/mssql/test/:/opt/test

It looks better because the permissions look like this (directory "test"):

mssql@czechidm_mssql_1:/$ ls -alh /opt/
total 0
drwxrwxr-x. 1 root root 18 Jun 19 14:30 .
drwxr-xr-x. 1 root root 39 Jun 19 14:30 ..
drwxr-xr-x. 3 root root 25 Mar 26 23:22 microsoft
drwxrwxr-x. 1 root root 17 Mar 26 23:15 mssql
drwxrwxr-x. 4 root root 28 Mar 26 23:20 mssql-extensibility
drwxr-xr-x. 4 root root 30 Mar 26 23:22 mssql-tools
drwxr-xr-x. 2 root root 31 Jun 19 14:10 test

But when I tried to run the command "ls -alh /opt/" I got:
ls: cannot open directory '/opt/test/': Permission denied

If I can't find a way to run a custom sql script in the container, there will be no other way than to run this script externally after starting the container.

Actions #9

Updated by Luděk Urban almost 4 years ago

I solved the problem with sharing volumes. The problem was selinux on the host.
When selinux is turned off, file sharing works fine.

Tomorrow I will add sql init script and test it with IdM.

Added changes to docker-compose-mssql.yml:

        volumes:
              - type: bind
                source: ./init_idm_mssql.sh
                target: /opt/init_idm_mssql.sh
                read_only: true
              - type: bind
                source: ./idm_db.pwfile
                target: /run/secrets/idm_db.pwfile
                read_only: true
              - type: bind
                source: ./SA_db.pwfile
                target: /run/secrets/SA_db.pwfile
                read_only: true
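
Turning SELinux off on the host is not the only way to make these bind mounts readable: the Z volume option asks docker or podman to relabel the source for the container. The script below is an added example, not part of the ticket or the project's files; it reads each source's SELinux context and prints short-syntax volume entries, and its rule that only container_file_t and container_ro_file_t can skip the relabel is a conservative assumption.

```shell
#!/bin/sh
# Added example (not from the ticket): check the SELinux type of each
# bind-mount source and print a volume entry that relabels it when needed,
# so SELinux can stay enabled on the host.

# Print the type field of a context such as user:role:type:level.
ctx_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Return 0 when the context's type is not one of the container file types.
# Assumption: every other type is treated as needing a relabel.
needs_relabel() {
    case "$(ctx_type "$1")" in
        container_file_t|container_ro_file_t) return 1 ;;
        *) return 0 ;;
    esac
}

# volume_entry SRC DST CONTEXT -> read-only short-syntax entry; ",Z" requests
# a private relabel of SRC for this one container.
volume_entry() {
    if needs_relabel "$3"; then
        printf '%s:%s:ro,Z\n' "$1" "$2"
    else
        printf '%s:%s:ro\n' "$1" "$2"
    fi
}

# Source/target pairs from the compose fragment in the comment above.
MOUNTS='./init_idm_mssql.sh /opt/init_idm_mssql.sh
./idm_db.pwfile /run/secrets/idm_db.pwfile
./SA_db.pwfile /run/secrets/SA_db.pwfile'

# Print a "volumes:" list for the files as they are labelled right now.
report() {
    printf '%s\n' "$MOUNTS" | while read -r src dst; do
        # GNU stat prints the SELinux context with %C.
        ctx=$(stat -c %C "$src" 2>/dev/null) || ctx='?:?:unknown:?'
        printf '      - %s\n' "$(volume_entry "$src" "$dst" "$ctx")"
    done
}

if [ "${1:-}" = "report" ]; then report; fi
```

Z changes the label of the source file on the host, so use it only on files dedicated to this one container; lowercase z gives a label shared between containers.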

Actions #10

Updated by Luděk Urban almost 4 years ago

I created a new compose file docker-compose-mssql.init.yml based on the mssql sqlcmd image to run a script that creates the IdM user and database.
In testing I encountered a problem with running this sql command (I run it under SA):
GRANT ALTER, CONTROL, CREATE SEQUENCE, DELETE, EXECUTE, INSERT, REFERENCES, SELECT, TAKE OWNERSHIP, UPDATE, VIEW CHANGE TRACKING, VIEW DEFINITION ON SCHEMA::bcv_idm_storage TO idmadmin;
When I resolve this problem and test it, both containers will be ready to use.

Actions #11

Updated by Luděk Urban almost 4 years ago

I found that the sql command

GRANT ALTER, CONTROL, CREATE SEQUENCE, DELETE, EXECUTE, INSERT, REFERENCES, SELECT, TAKE OWNERSHIP, UPDATE, VIEW CHANGE TRACKING, VIEW DEFINITION ON SCHEMA::bcv_idm_storage TO idmadmin; 

can't be executed because idmadmin is owner of that schema.
SQL error:
Cannot grant, deny, or revoke permissions to sa, dbo, entity owner, information_schema, sys, or yourself

But I tested that IdM starts on that database without that permission grant.

For testing these containers I set up a local testing IdM for connecting to mssql.

I also tested stopping and starting the container with mssql with IdM.
The container and IdM work fine, but I found a bug with "podman-compose stop". This command didn't work and a workaround with "podman" must be used.

Then I tested container up and down. It works properly.
The last thing that needs to be done is the readme.
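
One way to implement the plan from comments #8 to #11: read both passwords from the mounted secret files, create the login, database and schema, and replace the bootstrap SA password. This is an added example, not the project's init_idm_mssql.sh; the database name, MSSQL_HOST and the GRANT CREATE TABLE line are assumptions, and the bootstrap password is taken from the SA_PASSWORD variable used in the compose file.

```shell
#!/bin/sh
# Added example, not the project's init_idm_mssql.sh. IDM_DB and MSSQL_HOST
# are assumed names; the secret paths are the ones mounted in the ticket.
IDM_DB=${IDM_DB:-czechidm}
MSSQL_HOST=${MSSQL_HOST:-test_mssql_1}

# Print the first line of a secret file; fail on a missing or empty file.
read_secret() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    secret=$(head -n 1 "$1" | tr -d '\r')
    [ -n "$secret" ] || { echo "$1 is empty" >&2; return 1; }
    printf '%s' "$secret"
}

# Double single quotes so a password cannot end the N'...' literal early.
sql_quote() {
    printf '%s' "$1" | sed "s/'/''/g"
}

# build_init_sql NEW_SA_PASSWORD IDM_PASSWORD -> T-SQL script on stdout
build_init_sql() {
    sa=$(sql_quote "$1")
    idm=$(sql_quote "$2")
    cat <<EOF
CREATE LOGIN idmadmin WITH PASSWORD = N'$idm';
CREATE DATABASE [$IDM_DB];
GO
USE [$IDM_DB];
CREATE USER idmadmin FOR LOGIN idmadmin;
GO
-- idmadmin owns the schema, so it already holds every permission on it and
-- a GRANT ... ON SCHEMA::bcv_idm_storage TO idmadmin is rejected.
CREATE SCHEMA bcv_idm_storage AUTHORIZATION idmadmin;
GO
ALTER USER idmadmin WITH DEFAULT_SCHEMA = bcv_idm_storage;
-- Assumed database-level right for an application that creates its tables.
GRANT CREATE TABLE TO idmadmin;
-- Last step: replace the bootstrap SA password taken from the environment.
ALTER LOGIN sa WITH PASSWORD = N'$sa';
GO
EOF
}

if [ "${1:-}" = "apply" ]; then
    sa_new=$(read_secret /run/secrets/SA_db.pwfile) || exit 1
    idm_pw=$(read_secret /run/secrets/idm_db.pwfile) || exit 1
    # sqlcmd takes the bootstrap password from SQLCMDPASSWORD; -b stops on error.
    build_init_sql "$sa_new" "$idm_pw" |
        SQLCMDPASSWORD=$SA_PASSWORD sqlcmd -b -S "$MSSQL_HOST" -U sa
fi
```

Feeding the script to sqlcmd on standard input keeps both passwords out of the process arguments and out of temporary files.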

Actions #12

Updated by Luděk Urban almost 4 years ago

  • Status changed from In Progress to Resolved

I wrote a readme for both containers and made some minor changes in all files to improve readability.
After review with @kolarikj I created a merge request to add mssql containers for IdM to develop.

Actions #13

Updated by Luděk Urban almost 4 years ago

  • Status changed from Resolved to Closed

merged to develop - closing ticket
