Set the spiuser password in our Docker images

An administrator needs to choose a password for a default SPI user named spiuser and then set the spiuser password in the Docker images hosted by your company's private Docker registry. This password is used for inter-component server API invocation only. The spiuser is configured in the Store server, Search server and Customization server, and used in the API invocation from those servers to the Transaction server. The images need to be configured with the spiuser password, otherwise the component servers cannot connect to the Transaction server.

Use a secure password.

Procedure

1. Log on to the dedicated server hosting the Utility server Docker container.

   If a Utility server Docker container was not deployed, see Prepare a Docker host server to launch Utility server Docker container.

2. Enter the Utility server Docker container. For example,
   docker exec -it utility_container_name bash

3. Go to the /opt/WebSphere/CommerceServer90/bin directory.

4. Encrypt the spiuser password.
   ./wcs_encrypt.sh plain_text_spiuser_password

5. Copy and save the plain_text_spiuser_password in a text file. We will need this plain text password later when we deploy the WebSphere Commerce containers.

   • Deploy a WebSphere Commerce environment locally.

   • Deploy authoring and live environments with Docker Compose.

6. Exit the Docker container.

7. Customize the Store, Search, Transaction, and Customization server Docker images to set the encrypted spiuser password within the images.

   In this step, we use a custConfiguration.sh script called during the startup of the Docker container.

   • For the Store server.

     1. Create a folder to hold Store server configurations, for example /opt/WebSphere/store.

     2. Update or create a new file named custConfiguration.sh and save under the store folder.

     3. Add the following content to custConfiguration.sh
        #!/bin/bash
        run set-spi-user spiuser ASCII_encrypted_spiuser_password

     4. Save and close the file.

     5. Add execution permissions for the file.
        chmod +x custConfiguration.sh

     6. Create a file named Dockerfile and add the following content
        FROM Docker_registry/commerce/crs-app:source_image_tag
        COPY custConfiguration.sh /SETUP/bin/

   • For the Search server.

     1. Create a folder to hold Search server configurations, for example /opt/WebSphere/search.

     2. Update or create a new file named custConfiguration.sh and save under the search folder.

     3. Add the following content to custConfiguration.sh
        #!/bin/bash
        run set-spi-user spiuser ASCII_encrypted_spiuser_password
        run update-spi-registry-user-password spiRegistry spiuser plain_text_spiuer_password

     4. Save and close the file.

     5. Add execution permissions for the file.
        chmod +x custConfiguration.sh

     6. Create a file named Dockerfile and add the following content
        FROM Docker_registry/commerce/search-app:source_image_tag
        COPY custConfiguration.sh /SETUP/bin/

   • For the Transaction server.

     1. Create a folder to hold Transaction server configurations, for example /opt/WebSphere/app.

     2. Update or create a new file named custConfiguration.sh and save under the app folder.

     3. Add the following content to custConfiguration.sh
        #!/bin/bash
        run set-spi-user spiuser ASCII_encrypted_spiuser_password

     4. Save and close the file.

     5. Add execution permissions for the file.
        chmod +x custConfiguration.sh

     6. Create a file named Dockerfile and add the following content
        FROM Docker_registry/commerce/ts-app:source_image_tag
        COPY custConfiguration.sh /SETUP/bin/

   • For the Customization server.

     1. Create a folder to hold Customization server configurations, for example /opt/WebSphere/xc.

     2. Update or create a new file named custConfiguration.sh and save under the xcapp folder.

     3. Add the following content to custConfiguration.sh
        #!/bin/bash run set-spi-user spiuser ASCII_encrypted_spiuser_password run update-spi-registry-user-password spiRegistry spiuser plain_text_spiuer_password

     4. Save and close the file.

     5. Add execution permissions for the file.
        chmod +x custConfiguration.sh

     6. Create a file named Dockerfile and add the following content
        FROM Docker_registry/commerce/xc-app:source_image_tag
        COPY custConfiguration.sh /SETUP/bin/

8. Open a command line interface.

9. (v9.0.0.0) Build the images using the Dockerfiles createdd...
   docker build -f /path/to/a/Dockerfile . -t name:tag

10. If we are responsible for maintaining our organization's private Docker registry, push the new images to the registry. Then, developers in our organization can pull the images from our registry instead of downloading from IBM.

11. Share the plain text spiuser password with the development team.

    Note: Developers need to use the plain text password when they load the WebSphere Commerce schema to the database.

Previous topic: (Optional) Running Docker images as a non-root user
Next topic: Use an IBM Db2 database