Sunday 4 June 2023

Docker - Container Cheat Sheet

Basic and advanced Docker commands for reference. Use them as a cheat sheet.

  • Commands to install Docker on Linux

    curl -fsSL https://get.docker.com -o get-docker.sh
    sudo sh get-docker.sh

  • Commands to list the services and start the Docker daemon

    sudo service --status-all
    sudo service docker start

  • Command to pull Docker images from Docker Hub - https://hub.docker.com/

    docker pull image_name:version   ==> version defaults to latest when omitted.
    docker pull mysql

  • Command to pull (if needed) and run a Docker image

    docker run image_name
    docker run mysql
    docker run -d image_name                    ==> Run the container in the background (detached mode).
    docker run -d --name webapp_vk image_name   ==> Assign a name to the container.
    docker run -d image_name command            ==> Override the CMD statement in the image, or append arguments to the ENTRYPOINT command.

  • Commands to list containers

    docker ps      ==> List the running containers.
    docker ps -a   ==> List both running and stopped containers.

  • Command to list the images present on the host

    docker images  ==> List all the images.

  • Command to stop a container

    docker stop container_id_or_name

  • Command to remove a container

    docker rm container_id   ==> Make sure the container is stopped before running this command.

  • Command to delete or remove an image

    docker rmi image_id      ==> The first few characters of the id are enough.

  • Command to run a Unix command in a new container

    docker run ubuntu cat /etc/os-release   ==> Pulls the ubuntu image if it is not present, starts a container, runs the command and exits.

  • Command to execute a command inside a running container

    docker exec container_id cat /etc/os-release

  • Commands to build a Docker image

    docker build .                                      ==> Provided the Dockerfile is in the directory from which the command is run.
    docker build -f Dockerfile -t vijaya/image_name .   ==> Give the image a name/tag (-t); -f selects the Dockerfile and the trailing . is the build context.

  • Commands to push a Docker image to Docker Hub

    Before pushing the image, log in first.
    docker login                    ==> Prompts for Docker Hub credentials.
    docker push vijaya/image_name   ==> Push the image to Docker Hub after a successful login.

  • Command to pass environment values

    docker run -d -e ENV_VARIABLE_NAME=VALUE --name vijaya_container image_name   ==> Supplies the environment variable to the container.

  • Commands for port mapping, to access applications through the Docker host IP

    docker run -d -p host_port:container_port image_name
    docker run -d -p 8306:3306 mysql
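An added example (not from the original post) that audits the `docker run` forms listed above for the gaps a reviewer would flag: ports published on all interfaces, secret values passed with -e, and untagged images. It only parses the command string, never runs docker, and assumes the option set used in this cheat sheet.

```python
"""Audit a `docker run` command line for hardening gaps.  Added example,
not part of the cheat sheet; it parses the command string only and
assumes the option forms used above (-d, -e, -p, --name)."""
import shlex

# options that take a value (those used in the cheat sheet plus a few common ones)
VALUE_OPTS = {"-e", "--env", "-p", "--publish", "--name", "-v", "--volume", "--network", "--env-file"}


def audit_docker_run(cmdline):
    """Return a list of human-readable findings; an empty list means nothing was flagged."""
    args = shlex.split(cmdline)
    if args[:2] != ["docker", "run"]:
        raise ValueError("expected a 'docker run ...' command line")
    findings, image, i = [], None, 2
    while i < len(args):
        opt = args[i]
        val = args[i + 1] if opt in VALUE_OPTS and i + 1 < len(args) else None
        if opt in ("-p", "--publish"):
            parts = val.split(":")
            # host_port:container_port binds to 0.0.0.0; on Linux that also
            # bypasses host firewall rules such as ufw.  Bind to loopback unless
            # the service really must be reachable from other hosts.
            if len(parts) < 3 or parts[0] in ("", "0.0.0.0", "::"):
                host_port = parts[-2] if len(parts) >= 2 else ""
                findings.append(
                    f"-p {val}: published on all interfaces; use 127.0.0.1:{host_port}:{parts[-1]}")
        elif opt in ("-e", "--env") and "=" in val:
            # The value lands in shell history, `ps` output and `docker inspect`;
            # `-e NAME` (no value) copies it from the host environment instead.
            findings.append(
                f"-e {val.split('=', 1)[0]}: secret value on the command line; use -e NAME or --env-file")
        elif not opt.startswith("-"):
            image = opt  # the first non-option argument is the image
            break
        i += 2 if val is not None else 1
    if image is None:
        findings.append("no image name found")
    else:
        last = image.rsplit("/", 1)[-1]  # ignore registry host:port prefixes
        if ":" not in last and "@" not in last:
            findings.append(f"image {image}: no tag, resolves to the mutable :latest; pin a version")
    return findings
```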



Saturday 3 June 2023

OpenSSL Commands

Command to get the SSL certificate from the server.

    openssl s_client -showcerts -connect ip:port


Command to import a certificate into a custom truststore.

    keytool -import -alias alias_name -file certificate.cer -storetype JKS -keystore CustomTrustStore

Monday 3 April 2023

SOA Integration with IDCS

  • SCIM - System for Cross-Domain Identity Management
    • Standard for identity management APIs
    • Used by multiple identity providers.
  • SOA roles will be mapped to IDCS groups.
  • Set up federated SSO through SAML between IDCS and SOA

High-Level Steps. 
  • Create IDCS groups for SOA
  • Create a Confidential Application in IDCS
    • Register as Client
    • Select client as Confidential
    • Allow following grants types
      • Client Credentials
      • JWT assertion
      • Token Refresh
      • SAML2 Assertion. 
    • Granted Roles
      • Identity Domain Administration
      • Cloud Gate
    • Assign groups to this application. 
  • Configure the Identity Provider in the SOA WebLogic Console.
    • Weblogic Console
    • Security Realms
    • Myrealm
    • Providers
      • Select New
      • Name - IDCS Provider
      • Type - OracleIdentityCloudIntegrator
      • Click OK
      • Open the IDCS provider
        • Common
          • Control Flag - SUFFICIENT : Meaning the remaining providers are not consulted if IDCS authentication succeeds.
          • Active Type
            • Authorization
            • REMOTE_USER
        • Provider Specific:
          • Provide the IDCS details. 
            • Host
            • Port - 443
            • SSL - Enabled
            • IDCS Tenant Name
            • Client Id
            • Secret. 
            • Save
      • Reorder the provider to check IDCS first and then go for default providers. 
      • Select DefaultAuthenticator
        • Common
        • Control Flag - SUFFICIENT
        • Save
    • Activate the changes. 
  • Import IDCS Certificates to Trust Store. 
    • Get the IDCS certificates using following URL
      • https://$IDCS_HOST_PORT/ui/v1/adminconsole
    • Import Certificates into System/Trust using EM console. 
    • Add the following property to SetDomainEnv.sh to support wild card certificates using common names.
      • -Dweblogic.security.SSL.hostnameverifier=weblogic.security.utils.SSLWLSWildcardHostnameVerifier
  • Manual OPSS Configurations. 
    • Edit the following file in the domain directory
      • /config/fmwconfig/jps-config.xml
      • Search for idstore.ldap under jpsContexts and replace it with idstore.scim
      • Create an IDCS property file and run the script as described in Oracle Doc ID 2916662.2
  • Configure SSO:
    • Create a SAML application in IDCS.
    • Give a name.
    • Entity Id - Give any value
    • Consumer URL - https://$SOA_LB_URL/saml2/sp/acs/post
    • NameIdFormat - Unspecified. 
    • Can add attributes.
      • Name - Groups
      • Format - Basic
      • Value - Group Membership 
      • Condition
        • equals
        • Value -  All groups
      • Add Groups
      • Activate
    • Download the IDCS metadata.xml from the SAML application created above.

  • RDBMS Setup for WebLogic LB
    • Refer to the Oracle reference link below for details.
  • Configure the SAML Asserter.
    • Refer to the Oracle reference link below for details.


Oracle Reference : https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=111700059898561&id=2916662.2&_afrWindowMode=0&_adf.ctrl-state=nbcwpoz12_4
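
The jps-config.xml edit from the Manual OPSS Configurations step, as an added example that is not Oracle's script: it rewrites the idstore.ldap reference to idstore.scim only under jpsContexts, leaves the serviceInstance definitions alone, and refuses to run when no idstore.scim service instance is defined. The sample document is constructed and trimmed; a real file carries many more service instances.

```python
"""Switch the OPSS identity store reference from LDAP to SCIM in jps-config.xml.
Added example, not Oracle's script.  SAMPLE is a constructed, trimmed document."""
import xml.etree.ElementTree as ET

JPS_NS = "http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd"

SAMPLE = f"""<jpsConfig xmlns="{JPS_NS}">
  <serviceInstances>
    <serviceInstance name="idstore.ldap" provider="idstore.ldap.provider"/>
    <serviceInstance name="idstore.scim" provider="idstore.scim.provider"/>
  </serviceInstances>
  <jpsContexts default="default">
    <jpsContext name="default">
      <serviceInstanceRef ref="idstore.ldap"/>
      <serviceInstanceRef ref="credstore"/>
    </jpsContext>
  </jpsContexts>
</jpsConfig>"""


def switch_idstore(xml_text, old="idstore.ldap", new="idstore.scim"):
    """Return (updated XML text, number of jpsContext references changed)."""
    ET.register_namespace("", JPS_NS)  # keep the default namespace on output
    root = ET.fromstring(xml_text)
    # Refuse to edit when the target service instance is not defined: a
    # dangling ref would break OPSS (and therefore domain) startup.
    defined = {si.get("name") for si in root.findall("./{*}serviceInstances/{*}serviceInstance")}
    if new not in defined:
        raise ValueError(f"{new} is not defined under serviceInstances; run the IDCS setup script first")
    changed = 0
    # Only the references under jpsContexts are rewritten; the
    # <serviceInstance name="idstore.ldap"> definition stays in place.
    for ref in root.findall("./{*}jpsContexts/{*}jpsContext/{*}serviceInstanceRef"):
        if ref.get("ref") == old:
            ref.set("ref", new)
            changed += 1
    return ET.tostring(root, encoding="unicode"), changed


if __name__ == "__main__":
    updated, count = switch_idstore(SAMPLE)
    print(f"changed {count} reference(s)\n{updated}")
```

Back up jps-config.xml before applying this to a real domain; the file is rewritten as a whole, so comments and formatting outside the changed attribute are not preserved.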

Thursday 9 February 2023

Provisioning Oracle Integration Cloud Service

 OIC Provisioning.

  • Provision Identity Cloud Service domain.
    • Login into the OCI console.
    • Go to Identity and Security Menu
    • Select Domains under Identity. This option will be available for the OCI accounts created after December 2018
    • Click Create Domains
    • Provide Name.  Example - Development
    • Provide Description.  Example - Development Domains
    • Select Domain Type. Example - Free / Premium /etc.
    • If we want to create a new administrator for the domain then we can provide the user name and password.
    • Otherwise we can use the OCI admin user credentials by un-selecting Create Admin User option.
    • Select the compartment - Development .  If not created then create a new compartment and use it.
  • Create an IAM group in the IDCS domain.
    • Go to the IDCS console.
    • Select the Groups menu
    • Create a new group called Administrator
    • Provide a description.
  • Create an IAM policy in the IDCS domain.
    • Go to the OCI console.
    • Select Identity and Security
    • Select Policies under Identity
    • Click Create policy.
    • Provide a name - OICIntegrationGroupPolicy
    • Use the policy builder to create policy.
    • Sample : allow group Development/Administrator to manage integration-instance in compartment Development
    • Development/Administrator - DomainName/GroupName
    • If we don't provide the Domain Name then it will take the default domain present in the root compartment.
    • NOTE: User Federation refers to linking user's identity and attributes across multiple identity management systems.
    • Oracle Integration Federation means that identities are linked in IDCS and Oracle Identity And Access Management(IAM).
  • Create an Oracle Integration Instance
    • NOTE : The instance will be associated with the IDCS instance used to log in while provisioning OIC.
    • Use the proper identity domain when logging in.
    • In this case, use the Development domain to log in.
    • After signing into the OCI console, select the region.
    • Go to the Developer Services menu on the OCI console
    • Under Application Integration select Integration
    • Select the Compartment in which you want to provision the OIC.  In this case it will be the Development compartment.
    • Click CREATE.
    • Provide Name.
    • Select Version - Gen 2 or Gen 3
    • Consumption Model -- Universal Credit Limit
    • Edition -- Standard or Enterprise.
    • Shape -- Development or Production
    • NOTE : Based on the shape patches will be applied. Development shapes will receive the patches two weeks early.
    • Production shapes will receive the patches two weeks after the Development shapes.
    • Advanced Options :
      • Network Access :
        • Only Gen 2 version will allow us to define and configure Allow list.
      • Custom Endpoint :
        • Available only for Gen 2
        • We can provide the custom endpoint.
        • It must already be registered on a DNS provider.
        • Its SSL certificates must be stored as secret in an OCI vault.
  • Email Configurations.
    • Sender Policy Framework (SPF) :
    • It lets domain owners (InfiniteCloud) identify the servers (external servers) they have approved to send emails on behalf of their domain.
    • In Oracle Integration's case, domain owners (InfiniteCloud) need to approve OCI as an approved sender by adding a record for it in their domain.

IDCS - Identity Federation with Azure and Google (SAML IDP & Social IDP)

The setup involves Identity Cloud Service (IDCS) acting as the central identity provider, facilitating seamless authentication and authoriza...