Docker container to run Reposado and Margarita to serve softwareupdates using nginx.
latestsaml- Will include SAML enabled margarita
| Variable | Default | Note |
|---|---|---|
| LOCALCATALOGURLBASE | http://reposado:8080 | Base URL for repo |
| MINOSVERSION | Minimum minor OS version to mirror updates for. (ie. 10.12.X = 12) | |
| USERNAME | admin | Margarita username |
| PASSWORD | password | Margarita password |
| PORT | 8080 | Port reposado listens on |
| LISTEN_PORT | 8089 | Port margarita listens on |
| HUMANREADABLESIZES | false | |
| ONLYHOSTDEPRECATED | false | Only host deprecated items, point current updates directly to apple |
| ALWAYSREWRITEDISTRIBUTIONURLS | false |
Note: when specifying true or false please do so in lowercase
| Path | Note |
|---|---|
| /reposado/html | Reposado html folder |
| /reposado/metadata | Reposado metadata folder |
| /app/saml | SAML configuration folder (saml tag only) |
First we would want to set up a persistent storage location for reposado, for example:
mkdir -p /var/docker/reposado/html /var/docker/reposado/metadata
chmod -R 777 /var/docker/reposado
We can now setup the master container that runs both margarita and hosts reposado. For example:
docker run -d --name reposado \
-v /var/docker/reposado/html:/reposado/html \
-v /var/docker/reposado/metadata:/reposado/metadata \
-e USERNAME=admin \
-e PASSWORD='password' \
-p 8080:8080 \
-p 8089:8089 \
--restart always \
sphen/reposado
Note: the instructions below rely on you naming your docker container "reposado" specifically. If not, linking your temporary containers to the master will not reference the configuration variables properly.
Nothing is in it! (in our example) so now we just interact with repoutil or repo_sync in a linked container. You can schedule the command via cron/systemd or run it manually. For example:
docker run --rm -it --volumes-from reposado --link reposado sphen/reposado python /reposado/code/repoutil --help
Or to actually trigger a mirror/update:
docker run --rm -it --volumes-from reposado --link reposado sphen/reposado python /reposado/code/repo_sync
By using --volumes-from and --link we are able to take and use settings from our master container. Please take care that if you name your master container something other than reposado you will need to update these commands.
The Python SAML Toolkit from OneLogin has been implemented for margarita if you pull the saml tag. As margarita does not have a permissions structure built in, we are just looking for a valid SAML assertion for access (no attributes needed).
I am not going to walkthrough configuration here as it is very popular among other apps that implement SAML and the configuration is beyond the scope here. If you want to use SAML you must take over the configuration within the /app/saml directory within the container. The easiest would be to provide a mapped folder for this location and populate with your configuration. The expected and example structure for this folder can be seen at this link.
Well - if you are versed in docker you are on your way - but as a hint, if you want you can only serve reposado by excluding -p 8089:8089 from the run command. You may also serve on a different port than 8089 for margarita by changing -p 8089:8089 to -p 80:8089 for example. There are other environment variables listed above that may help you tweak things.
Well, have fun tweaking the container within nginx and certs - or better yet maybe use something like caddy-docker in front of it all with automatic lets-encrypt.
Push Requests and feedback welcome!