Skip to content
This repository has been archived by the owner. It is now read-only.
Permalink
7d8d13aa14
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

COmanage/docker-comanage-entrypoint

Go to file
 
 
Cannot retrieve contributors at this time
executable file 350 lines (291 sloc) 12.2 KB
Raw Blame
#!/bin/bash
# COmanage Registry Dockerfile entrypoint
#
# Portions licensed to the University Corporation for Advanced Internet
# Development, Inc. ("UCAID") under one or more contributor license agreements.
# See the NOTICE file distributed with this work for additional information
# regarding copyright ownership.
#
# UCAID licenses this file to you under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with the
# License. You may obtain a copy of the License at:
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
if [ -n "$COMANAGE_DEBUG" ]
then
OUTPUT=/dev/stdout
else
OUTPUT=/dev/null
fi
# Configuration details that may be injected through environment
# variables or the contents of files.
injectable_config_vars=(
COMANAGE_REGISTRY_DATASOURCE
COMANAGE_REGISTRY_DATABASE
COMANAGE_REGISTRY_DATABASE_HOST
COMANAGE_REGISTRY_DATABASE_USER
COMANAGE_REGISTRY_DATABASE_USER_PASSWORD
COMANAGE_REGISTRY_EMAIL_FROM
COMANAGE_REGISTRY_EMAIL_TRANSPORT
COMANAGE_REGISTRY_EMAIL_HOST
COMANAGE_REGISTRY_EMAIL_PORT
COMANAGE_REGISTRY_EMAIL_ACCOUNT
COMANAGE_REGISTRY_EMAIL_ACCOUNT_PASSWORD
COMANAGE_REGISTRY_SECURITY_SALT
COMANAGE_REGISTRY_SECURITY_SEED
ENV
HTTPS_CERT_FILE
HTTPS_PRIVKEY_FILE
SERVER_NAME
USERTOKEN
)
# If the file associated with a configuration variable is present then
# read the value from it into the appropriate variable. So for example
# if the variable COMANAGE_REGISTRY_DATASOURCE_FILE exists and its
# value points to a file on the file system then read the contents
# of that file into the variable COMANAGE_REGISTRY_DATASOURCE.
for config_var in "${injectable_config_vars[@]}"
do
eval file_name=\$"${config_var}_FILE";
if [ -e "$file_name" ]; then
declare "${config_var}"=`cat $file_name`
fi
done
# Make sure the directory structure we need is available
# in the data volume for $COMANAGE_REGISTRY_DIR/local
mkdir -p "$COMANAGE_REGISTRY_DIR/local/Config"
mkdir -p "$COMANAGE_REGISTRY_DIR/local/Plugin"
mkdir -p "$COMANAGE_REGISTRY_DIR/local/View/Pages/public"
mkdir -p "$COMANAGE_REGISTRY_DIR/local/webroot/img"
# If the COmanage Registry database configuration file does not exist
# then try to create it from injected information with reasonable defaults
# that aid simple evaluation deployments.
if [ ! -e "$COMANAGE_REGISTRY_DIR/local/Config/database.php" ]; then
cat > "$COMANAGE_REGISTRY_DIR/local/Config/database.php" <<EOF
<?php
class DATABASE_CONFIG {
public \$default = array(
'datasource' => '${COMANAGE_REGISTRY_DATASOURCE:-Database/Mysql}',
'persistent' => false,
'host' => '${COMANAGE_REGISTRY_DATABASE_HOST:-comanage-registry-database}',
'login' => '${COMANAGE_REGISTRY_DATABASE_USER:-registry_user}',
'password' => '${COMANAGE_REGISTRY_DATABASE_USER_PASSWORD:-password}',
'database' => '${COMANAGE_REGISTRY_DATABASE:-registry}',
'prefix' => 'cm_',
);
}
EOF
fi
# If the COmanage Registry email configuration file does not exist
# then try to create it from injected information with reasonable defaults
# that aid simple evaluation deployments.
email_config="$COMANAGE_REGISTRY_DIR/local/Config/email.php"
if [ ! -e "$email_config" ]; then
# If the deployer has injected an email for from then use it,
# otherwise set a default purely as a template that can edited
# easier later.
if [ -n "$COMANAGE_REGISTRY_EMAIL_FROM" ]; then
email_from="$COMANAGE_REGISTRY_EMAIL_FROM"
else
email_from="array('account@gmail.com' => 'Registry')"
fi
# If the injected email from does not include a single quote (')
# then add them to make it a PHP string.
if [[ ! $email_from =~ .*"'".* ]]; then
email_from="'$email_from'"
fi
cat > "$email_config" <<EOF
<?php
class EmailConfig {
public \$default = array(
'from' => $email_from,
'transport' => '${COMANAGE_REGISTRY_EMAIL_TRANSPORT:-Smtp}',
'host' => '${COMANAGE_REGISTRY_EMAIL_HOST:-tls://smtp.gmail.com}',
'port' => ${COMANAGE_REGISTRY_EMAIL_PORT:-465},
EOF
# If the deployer has injected a username then add it to the configuration.
if [ -n "$COMANAGE_REGISTRY_EMAIL_ACCOUNT" ]; then
cat >> "$email_config" <<EOF
'username' => '$COMANAGE_REGISTRY_EMAIL_ACCOUNT',
EOF
fi
# If the deployer has injected a password then add it to the configuration.
if [ -n "$COMANAGE_REGISTRY_EMAIL_ACCOUNT_PASSWORD" ]; then
cat >> "$email_config" <<EOF
'password' => '$COMANAGE_REGISTRY_EMAIL_ACCOUNT_PASSWORD',
EOF
fi
# Complete the PHP array.
cat >> "$email_config" <<EOF
);
}
EOF
fi
# Loop until we are able to open a connection to the database.
DATABASE_TEST_SCRIPT="$COMANAGE_REGISTRY_DIR/app/Console/Command/DatabaseTestShell.php"
cat > $DATABASE_TEST_SCRIPT <<"EOF"
<?php
App::import('Model', 'ConnectionManager');
class DatabaseTestShell extends AppShell {
function main() {
try {
$db = ConnectionManager::getDataSource('default');
} catch (Exception $e) {
$this->error("Unable to connect to datasource");
}
$this->out("Connected to datasource");
}
}
EOF
pushd "$COMANAGE_REGISTRY_DIR/app" > "$OUTPUT" 2>&1
until ./Console/cake databaseTest > "$OUTPUT" 2>&1; do
>&2 echo "Database is unavailable - sleeping"
sleep 1
done
rm -f "$DATABASE_TEST_SCRIPT"
popd > "$OUTPUT" 2>&1
# We only want to run the setup script once since it creates
# state in the database. Until COmanage Registry has a better
# mechanism for telling us if setup has already been run
# we create an ephemeral CakePHP script to tell us.
SETUP_ALREADY_SCRIPT="$COMANAGE_REGISTRY_DIR/app/Console/Command/SetupAlreadyShell.php"
cat > $SETUP_ALREADY_SCRIPT <<"EOF"
<?php
class SetupAlreadyShell extends AppShell {
var $uses = array('Co');
function main() {
$args = array();
$args['conditions']['Co.name'] = 'COmanage';
$args['contain'] = false;
try {
$co = $this->Co->find('first', $args);
} catch (CakeException $e) {
$this->out('Not setup already');
}
if(empty($co)) {
$this->out('Not setup already');
} else {
$this->error('Setup already');
}
}
}
EOF
pushd "$COMANAGE_REGISTRY_DIR/app" > "$OUTPUT" 2>&1
./Console/cake setupAlready > "$OUTPUT" 2>&1
setup_already=$?
rm -f "$SETUP_ALREADY_SCRIPT"
if [ $setup_already -eq 0 ]; then
rm -f "$COMANAGE_REGISTRY_DIR/local/Config/security.salt" > "$OUTPUT" 2>&1
rm -f "$COMANAGE_REGISTRY_DIR/local/Config/security.seed" > "$OUTPUT" 2>&1
# Run database twice until issue on develop branch is resolved. Since
# the command is idempotent normally it is not a problem to have it run
# more than once.
./Console/cake database > "$OUTPUT" 2>&1 && \
./Console/cake database > "$OUTPUT" 2>&1 && \
./Console/cake setup --admin-given-name "${COMANAGE_REGISTRY_ADMIN_GIVEN_NAME}" \
--admin-family-name "${COMANAGE_REGISTRY_ADMIN_FAMILY_NAME}" \
--admin-username "${COMANAGE_REGISTRY_ADMIN_USERNAME}" \
--enable-pooling "${COMANAGE_REGISTRY_ENABLE_POOLING}" > "$OUTPUT" 2>&1
AUTO_GENERATED_SECURITY=1
fi
popd > "$OUTPUT" 2>&1
# If COmanage Registry CakePHP security salt and seed have been
# injected and the files do not otherwise exist create them.
if [[ -n "$COMANAGE_REGISTRY_SECURITY_SALT" && ( -n "$AUTO_GENERATED_SECURITY" || ! -e "$COMANAGE_REGISTRY_DIR/local/Config/security.salt" ) ]]; then
echo "$COMANAGE_REGISTRY_SECURITY_SALT" > "$COMANAGE_REGISTRY_DIR/local/Config/security.salt"
fi
if [[ -n "$COMANAGE_REGISTRY_SECURITY_SEED" && ( -n "$AUTO_GENERATED_SECURITY" || ! -e "$COMANAGE_REGISTRY_DIR/local/Config/security.seed" ) ]]; then
echo "$COMANAGE_REGISTRY_SECURITY_SEED" > "$COMANAGE_REGISTRY_DIR/local/Config/security.seed"
fi
# We always run upgradeVersion since it will not make any changes
# if the current and target versions are the same or if
# an upgrade from the current to the target version is not allowed.
pushd "$COMANAGE_REGISTRY_DIR/app" > "$OUTPUT" 2>&1
./Console/cake upgradeVersion "${COMANAGE_REGISTRY_UPGRADE_VERSION_OPTS}" > "$OUTPUT" 2>&1
popd > "$OUTPUT" 2>&1
# Force a datbase update if requested. This is helpful when deploying
# a new version of the code that does not result in a change in the
# version number and so upgradeVersion does not fire. An example
# of this scenario is when new code is introduced in the develop
# branch but before a release happens.
if [ -n "$COMANAGE_REGISTRY_DATABASE_SCHEMA_FORCE" ]; then
echo "Forcing a database schema update..." > "$OUTPUT" 2>&1
pushd "$COMANAGE_REGISTRY_DIR/app" > "$OUTPUT" 2>&1
./Console/cake database > "$OUTPUT" 2>&1
popd > "$OUTPUT" 2>&1
fi
# Enable any supported non-core plugins if requested.
if [ -n "$COMANAGE_REGISTRY_ENABLE_PLUGIN" ]; then
plugins=(`echo "$COMANAGE_REGISTRY_ENABLE_PLUGIN" | sed -e 's@,@ @'`) > "$OUTPUT" 2>&1
for plugin in "${plugins[@]}";
do
echo "Enabling available plugin $plugin..." > "$OUTPUT" 2>&1
pushd "$COMANAGE_REGISTRY_DIR/local/Plugin" > "$OUTPUT" 2>&1
ln -s "../../app/AvailablePlugin/$plugin" "$plugin" > "$OUTPUT" 2>&1
popd > "$OUTPUT" 2>&1
pushd "$COMANAGE_REGISTRY_DIR/app" > "$OUTPUT" 2>&1
./Console/cake database > "$OUTPUT" 2>&1
popd > "$OUTPUT" 2>&1
done
fi
# Remove any cache files generated thus far.
find "$COMANAGE_REGISTRY_DIR/app/tmp/cache" -type f -exec rm -f {} \;
# If defined use configured location of Apache HTTP Server
# HTTPS certificate and key files. The certificate file may also
# include intermediate CA certificates, sorted from leaf to root.
if [ -n "$HTTPS_CERT_FILE" ]; then
rm -f /etc/httpd/cert.pem
cp "$HTTPS_CERT_FILE" /etc/httpd/cert.pem
chown apache /etc/httpd/cert.pem
chmod 0644 /etc/httpd/cert.pem
fi
if [ -n "$HTTPS_PRIVKEY_FILE" ]; then
rm -f /etc/httpd/privkey.pem
cp "$HTTPS_PRIVKEY_FILE" /etc/httpd/privkey.pem
chown apache /etc/httpd/privkey.pem
chmod 0600 /etc/httpd/privkey.pem
fi
# If SERVER_NAME has not been injected try to determine
# it from the HTTPS_CERT_FILE.
if [ -z "$SERVER_NAME" ]; then
SERVER_NAME=`openssl x509 -in /etc/httpd/cert.pem -text -noout | sed -n '/X509v3 Subject Alternative Name:/ {n;p}' | sed -E 's/.*DNS:(.*)\s*$/\1/'`
if [ -z "$SERVER_NAME" ]; then
SERVER_NAME=`openssl x509 -in /etc/httpd/cert.pem -subject -noout | sed -E 's/subject=.*CN=(.*)\s*/\1/'`
fi
fi
# Configure Apache HTTP Server with the server name.
sed -i -e s@%%SERVER_NAME%%@"${SERVER_NAME:-unknown}"@g /etc/httpd/conf.d/000-comanage.conf
# If ENV or USERTOKEN as injected by the deployer contain a semi-colon remove it.
if [[ $ENV =~ .*";".* ]]; then
ENV=`echo $ENV | tr -d ';'`
export ENV
fi
if [[ $USERTOKEN =~ .*";".* ]]; then
USERTOKEN=`echo $USERTOKEN | tr -d ';'`
export USERTOKEN
fi
# If ENV or USERTOKEN as injected by the deployer contain a space remove it.
if [[ $ENV =~ [[:space:]] ]]; then
ENV=`echo $ENV | tr -d [:space:]`
export ENV
fi
if [[ $USERTOKEN =~ [[:space:]] ]]; then
USERTOKEN=`echo $USERTOKEN | tr -d [:space:]`
export USERTOKEN
fi
# Create pipes to use for COmanage Registry instead of standard log files.
rm -f "$COMANAGE_REGISTRY_DIR/app/tmp/logs/error.log" > "$OUTPUT" 2>&1
rm -f "$COMANAGE_REGISTRY_DIR/app/tmp/logs/debug.log" > "$OUTPUT" 2>&1
mkfifo -m 666 "$COMANAGE_REGISTRY_DIR/app/tmp/logs/error.log" > "$OUTPUT" 2>&1
mkfifo -m 666 "$COMANAGE_REGISTRY_DIR/app/tmp/logs/debug.log" > "$OUTPUT" 2>&1
# Format any output from COmanange Registry into standard TIER form.
(cat <> "$COMANAGE_REGISTRY_DIR/app/tmp/logs/error.log" | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "comanage_registry;error.log;%s;%s;%s\n", ENV, UT, $0; fflush()}' 1>/tmp/logpipe)&
(cat <> "$COMANAGE_REGISTRY_DIR/app/tmp/logs/debug.log" | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "comanage_registry;debug.log;%s;%s;%s\n", ENV, UT, $0; fflush()}' 1>/tmp/logpipe)&
# Start Apache HTTP Server
exec /usr/sbin/httpd -DFOREGROUND