diff --git a/.dockerignore b/.dockerignore
deleted file mode 100644
index b43bf86..0000000
--- a/.dockerignore
+++ /dev/null
@@ -1 +0,0 @@
-README.md
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..7323a01
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,7 @@
+bin/build.sh
+bin/destroy.sh
+bin/install.sh
+bin/rebuild.sh
+bin/rerun.sh
+bin/run.sh
+bin/test.sh
diff --git a/000-comanage.conf b/000-comanage.conf
deleted file mode 100644
index b198062..0000000
--- a/000-comanage.conf
+++ /dev/null
@@ -1,86 +0,0 @@
-# COmanage Registry Apache HTTP Server configuration
-#
-# Portions licensed to the University Corporation for Advanced Internet
-# Development, Inc. ("UCAID") under one or more contributor license agreements.
-# See the NOTICE file distributed with this work for additional information
-# regarding copyright ownership.
-#
-# UCAID licenses this file to you under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with the
-# License. You may obtain a copy of the License at:
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-Listen 443
-ServerName %%SERVER_NAME%%
-PassEnv ENV
-PassEnv USERTOKEN
-
-<VirtualHost *:80>
-ServerName http://%%SERVER_NAME%%:80
-RewriteEngine On
-RewriteCond %{HTTPS} off
-RewriteRule ^ https://%{HTTP_HOST}:443%{REQUEST_URI} [R=302,L,QSA]
-</VirtualHost>
-
-<VirtualHost *:443>
-
-ServerName https://%%SERVER_NAME%%:443
-
-PassEnv ENV
-PassEnv USERTOKEN
-
-DocumentRoot /var/www/html
-
-RedirectMatch ^/$ /registry/
-
-ErrorLogFormat "httpd;ssl_error_log;%{ENV}e;%{USERTOKEN}e;[%{u}t] [%-m:%l] [pid %P:tid %T] %7F: %E: [client\ %a] %M% ,\ referer\ %{Referer}i"
-ErrorLog /tmp/logpipe
-LogLevel warn
-
-LogFormat "httpd;ssl_access_log;%{ENV}e;%{USERTOKEN}e;%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" ssl_combined
-CustomLog /tmp/logpipe ssl_combined
-
-Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
-
-SSLEngine on
-SSLProtocol all -SSLv2 -SSLv3
-SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
-SSLHonorCipherOrder on
-
-SSLCertificateFile /etc/httpd/cert.pem
-SSLCertificateKeyFile /etc/httpd/privkey.pem
-
-<Directory /var/www/html/registry>
-Options Indexes FollowSymLinks
-DirectoryIndex index.php
-AllowOverride All
-Require all granted
-</Directory>
-
-<Location "/Shibboleth.sso">
-SetHandler shib
-</Location>
-
-<Directory /var/www/html/registry/auth/login>
-AuthType shibboleth
-ShibRequestSetting requireSession 1
-Require valid-user
-</Directory>
-
-<Location />
-AuthType shibboleth
-Require shibboleth
-</Location>
-
-RewriteEngine On
-RewriteCond %{QUERY_STRING} !after_redirect
-RewriteRule ^/registry/auth/logout.* https://%%SERVER_NAME%%/Shibboleth.sso/Logout?return=https://%%SERVER_NAME%%/registry/auth/logout/?after_redirect [L,R]
-
-</VirtualHost>
diff --git a/10-php7.conf b/10-php7.conf
deleted file mode 100644
index 64ef2d7..0000000
--- a/10-php7.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-<IfModule prefork.c>
-  LoadModule php7_module modules/libphp7.so
-</IfModule>
diff --git a/BINSCRIPTS.md b/BINSCRIPTS.md
new file mode 100644
index 0000000..7818108
--- /dev/null
+++ b/BINSCRIPTS.md
@@ -0,0 +1,41 @@
+# util
+
+This repository is intended to be downloaded into a container repository during development for convenience purposes.  Since the major mechanisms of developing to the Docker container construction lifecycle are identical across container images, this repository allows for consistency and additional ease of use across all container images.
+
+## Install
+
+If you are reading this file in BINSCRIPTS.md, your container project is likely to be util-enabled.
+
+To use these scripts yourself, issue this command:
+
+```
+curl "https://github.internet2.edu/raw/docker/util/master/bin/install.sh?token=AAAAE4VRBLPB8VExPHSR5nCe791IAYqaks5Xzug5wA%3D%3D" | bash
+```
+
+### common.bash
+
+The installation process will create a common.bash file.  This file should be the central, canonical authority for management of environment variables.  While a subprocess may override them, the files in common.bash should be treated as authoritative defaults.  Processes (e.g. `docker build`, `bats`, inside `Jenkinsfile`) can read this file and process the results therein.
+
+You should edit this file to change the image name, and add any other helpful environment variables.
+
+### Jenkinsfile
+
+This will also install a Jenkinsfile to your repository, if it doesn't have one.  This will ensure that your Jenkins pipeline can leverage these scripts in the way intended.  Ensuring the commands that you issue on your laptop match the commands issued by the build pipeline is critical to ensure predictable, reliable results.
+
+## Use
+
+
+### Building
+
+#### build.sh
+`bin/build.sh `
+#### destroy.sh
+#### rebuild.sh
+
+### Running
+### rerun.sh
+### run.sh
+
+
+### Testing
+#### test.sh
diff --git a/Dockerfile b/Dockerfile
index 7740dd3..4f5bae3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,197 +1,159 @@
-# COmanage Registry Dockerfile
+# Licensed to the University Corporation for Advanced Internet Development,
+# Inc. (UCAID) under one or more contributor license agreements.  See the
+# NOTICE file distributed with this work for additional information regarding
+# copyright ownership. The UCAID licenses this file to You under the Apache
+# License, Version 2.0 (the "License"); you may not use this file except in
+# compliance with the License.  You may obtain a copy of the License at
 #
-# Portions licensed to the University Corporation for Advanced Internet
-# Development, Inc. ("UCAID") under one or more contributor license agreements.
-# See the NOTICE file distributed with this work for additional information
-# regarding copyright ownership.
-#
-# UCAID licenses this file to you under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with the
-# License. You may obtain a copy of the License at:
-#
-# http://www.apache.org/licenses/LICENSE-2.0
+#    http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-FROM centos:centos7 AS php-build
-
-RUN yum -y install epel-release
-
-RUN yum -y update && yum -y install \
-        autoconf \
-        bison \
-        gcc \
-        httpd-devel \
-        libargon2-devel \
-        libcurl-devel \
-        libedit-devel \
-        libsodium-devel \
-        libxml2-devel \
-        libxslt-devel \
-        make \
-        mariadb-devel \
-        openldap-devel \
-        openssl-devel \
-        postgresql-devel \
-        re2c \
-        wget
-
-WORKDIR /usr/local/src
-
-ARG PHP_VERSION=7.2.5
-ARG PHP_SRC_URL=https://github.com/php/php-src/archive/php-${PHP_VERSION}.tar.gz
-
-RUN mkdir php-src \
-        && wget -O php-src.tar.gz ${PHP_SRC_URL} \
-        && tar zxf php-src.tar.gz -C php-src --strip-components=1 \
-        && rm php-src.tar.gz
-
-ENV PHP_CFLAGS="-fstack-protector-strong -fpic -fpie -O2"
-ENV PHP_CPPFLAGS="$PHP_CFLAGS"
-ENV PHP_LDFLAGS="-Wl,-O1 -Wl,--hash-style=both -pie"
-
-RUN cd php-src \
-        && ./buildconf --force \
-        && ./configure \
-            --disable-cgi \
-            --enable-mbstring \
-            --enable-mysqlnd \
-            --with-apxs2=/usr/bin/apxs \
-            --with-config-file-path=/usr/local/etc/php \
-            --with-config-file-scan-dir=/usr/local/etc/php/conf.d \
-            --with-curl \
-            --with-ldap \
-            --with-libdir=lib64 \
-            --with-libedit \
-            --with-mysqli \
-            --with-openssl \
-            --with-password-argon2 \
-            --with-pdo-mysql \
-            --with-pdo-pgsql \
-            --with-pgsql \
-            --with-sodium \
-            --with-xsl \
-            --with-zlib \
-        && export CFLAGS="$PHP_CFLAGS" \
-        && export CPPFLAGS="$PHP_CPPFLAGS" \
-        && export LDFLAGS="$PHP_LDFLAGS" \
-        && make -j "$(nproc)" \
-        && make install 
-
-FROM centos:centos7
-
-RUN yum -y install epel-release
-
-COPY shibboleth.repo /etc/yum.repos.d/
-
-RUN yum -y update && yum -y install \
-        cronie \
-        httpd \
-        libargon2 \
-        libcurl \
-        libedit \
-        libsodium \
-        libxml2 \
-        libxslt \
-        mod_ssl \
-        mariadb-libs \
-        postgresql \
-        python-pip \
-        shibboleth \
-        wget \
-        zlib \
-    && pip install --upgrade pip \
-    && pip install supervisor \
-    && yum clean -y all
-
-COPY --from=php-build /usr/lib64/httpd/modules/libphp7.so /usr/lib64/httpd/modules/
-COPY --from=php-build /usr/local/lib/php /usr/local/lib/php/
-COPY --from=php-build /usr/local/include/php /usr/local/include/php/
-COPY --from=php-build /usr/local/bin /usr/local/bin/
-
-ARG COMANAGE_REGISTRY_VERSION=3.1.1
-ARG COMANAGE_REGISTRY_SRC_URL=https://github.com/Internet2/comanage-registry/archive/${COMANAGE_REGISTRY_VERSION}.tar.gz
-ENV COMANAGE_REGISTRY_VERSION ${COMANAGE_REGISTRY_VERSION}
-
-LABEL comanage_registry_version=${COMANAGE_REGISTRY_VERSION}
-LABEL comanage_registry_src_url=${COMANAGE_REGISTRY_SRC_URL}
-
-ENV COMANAGE_REGISTRY_DIR /srv/comanage-registry
-
-WORKDIR "$COMANAGE_REGISTRY_DIR"
-
-RUN mkdir -p "${COMANAGE_REGISTRY_DIR}" \
-        && wget -O comanage.tar.gz ${COMANAGE_REGISTRY_SRC_URL} \
-        && tar -zxf comanage.tar.gz -C ${COMANAGE_REGISTRY_DIR} --strip-components=1 \
-        && rm -f comanage.tar.gz \
-        && rm -f ${COMANAGE_REGISTRY_DIR}/app/tmp \
-        && cp -r ${COMANAGE_REGISTRY_DIR}/app/tmp.dist ${COMANAGE_REGISTRY_DIR}/app/tmp \
-        && chown -R apache:apache ${COMANAGE_REGISTRY_DIR}/app/tmp \
-        && cd /var/www/html \
-        && ln -s ${COMANAGE_REGISTRY_DIR}/app/webroot registry \
-        && rm -rf ${COMANAGE_REGISTRY_DIR}/local/* \
-        && ln -s ${COMANAGE_REGISTRY_DIR}/local /local 
-
-COPY 000-comanage.conf /etc/httpd/conf.d/
-COPY 10-php7.conf /etc/httpd/conf.modules.d/
-COPY php.conf /etc/httpd/conf.d/
-COPY supervisord.conf /usr/local/etc/supervisord.conf
-COPY shibd.logger /etc/shibboleth/
-COPY native.logger /etc/shibboleth/
-COPY httpd.conf /etc/httpd/conf/
-COPY sendtierbeacon.sh /usr/local/bin/sendtierbeacon.sh
-COPY setupcron.sh /usr/local/bin/setupcron.sh
-
-RUN cd /etc/httpd/conf.d \
-    && rm -f autoindex.conf ssl.conf userdir.conf welcome.conf \
-    && cd /etc/httpd \
-    && ln -s /etc/pki/tls/certs/localhost.crt cert.pem \
-    && ln -s /etc/pki/tls/private/localhost.key privkey.pem \
-    && chmod 755 /usr/local/bin/sendtierbeacon.sh \
-    && chmod 755 /usr/local/bin/setupcron.sh \
-    && /usr/local/bin/setupcron.sh
-
-# Allow values for first administrator bootstrapped into the
-# platform to be specified at image build time, in addition to
-# being injected at run time through the entrypoint script.
-ARG COMANAGE_REGISTRY_ADMIN_GIVEN_NAME
-ARG COMANAGE_REGISTRY_ADMIN_FAMILY_NAME
-ARG COMANAGE_REGISTRY_ADMIN_USERNAME
-ARG COMANAGE_REGISTRY_ENABLE_POOLING
-
-# Set simple defaults for first administrator bootstrapped into the
-# platform to make simple evaluation of the platform easier.
-ENV COMANAGE_REGISTRY_ADMIN_GIVEN_NAME ${COMANAGE_REGISTRY_ADMIN_GIVEN_NAME:-Registry}
-ENV COMANAGE_REGISTRY_ADMIN_FAMILY_NAME ${COMANAGE_REGISTRY_ADMIN_FAMILY_NAME:-Admin}
-ENV COMANAGE_REGISTRY_ADMIN_USERNAME ${COMANAGE_REGISTRY_ADMIN_USERNAME:-registry.admin}
-ENV COMANAGE_REGISTRY_ENABLE_POOLING ${COMANAGE_REGISTRY_ENABLE_POOLING:-No}
+#
+FROM tier/shibboleth_sp
+
+# Define args and set a default value
+ARG registry=docker.io
+ARG maintainer=tier
+ARG imagename=comanage
+ARG version=3.1.1
+ARG tierversion=180801
+
+
+MAINTAINER $maintainer
+LABEL Vendor="Internet2"
+LABEL ImageType="COmanage"
+LABEL ImageName=$imagename
+LABEL ImageOS=centos7
+LABEL Version=$version
+
+LABEL Build docker build --rm --tag $registry/$maintainer/$imagename .
+
+# Install deps
+RUN yum -y install --setopt=tsflags=nodocs \
+    httpd \
+    mariadb \
+    mysql-devel \
+    mysql-libs \
+    mod_ssl \
+    php \
+    php-openssl \
+    php-cli \
+    php-ldap \
+    php-mbstring \
+    php-mcrypt \
+    php-mysql \
+    php-pear-MDB2-Driver-mysqli \
+    php-pecl-memcached \
+    php-xml \
+    git \
+    vim && yum -y clean all
 
+#
+# Global PHP configuration changes
+#
+RUN sed -i \
+    -e 's~^;date.timezone =$~date.timezone = Europe/Rome~g' \
+    -e 's~^;user_ini.filename =$~user_ini.filename =~g' \
+    /etc/php.ini
+
+RUN echo '<?php phpinfo(); ?>' > /var/www/html/index.php
+
+# Export this variable so that shibd can find it's CURL library
+RUN LD_LIBRARY_PATH="/opt/shibboleth/lib64"
+RUN export LD_LIBRARY_PATH
+
+ENV VERSION=$version
+ENV TIERVERSION=$tierversion
+ENV IMAGENAME=$imagename
+ENV MAINTAINER=$maintainer
+
+ENV COMANAGE_URL=https://github.com/Internet2/comanage-registry/archive/$VERSION.tar.gz
+ENV COMANAGE_PREFIX=comanage-registry
+
+# Note using git to grab this alternate develop branch
+RUN mkdir -p /opt/comanage && cd /opt/comanage && \
+      wget -q $COMANAGE_URL && \
+      tar xf $VERSION.tar.gz && \
+      ln -s /opt/comanage/$COMANAGE_PREFIX-$VERSION  /opt/comanage/current && \
+      mkdir /var/cache/registry && \
+      cp -r /opt/comanage/current/app/tmp.dist /var/cache/registry && \
+      chown -R apache /var/cache/registry && \
+      chmod -R 700 /var/cache/registry && \
+      ln -s /var/cache/registry /opt/comanage/current/local/tmp
+
+ENV COMANAGE_HOME /opt/comanage/current
+
+WORKDIR $COMANAGE_HOME
+
+# Add starters and installers
+ADD ./container_files /opt
+
+# Add Volumes and Set permissions
+RUN mkdir /opt/shared \
+    && chmod 777 /opt/shared \
+    && chmod +x /opt/bin/*.sh \
+    && chmod +x /opt/autoexec/bin/*.sh \
+    && chmod +x /opt/autoexec/firstrun/*.sh \
+    && chmod +x /opt/autoexec/onbuild/*.sh
+
+# Change the following values to match that of your deployment when doing a native COmanage Docker deployment.
+# If using the TIER COmanage Virtual Machine (https://testbed.tier.internet2.edu/), these values will be configured
+# with the setup script
+ENV ADMIN_GIVEN_NAME "Admin"
+ENV ADMIN_FAMILY_NAME "Adming"
+ENV ADMIN_EPPN "admin@example.edu"
+ENV COMANAGE_SERVER_FQDN "comanage.example.edu"
+ENV COMANAGE_MAIL_FROM "comanage_registry@comanage.example.edu"
+ENV COMANAGE_MAIL_HOST "localhost"
+ENV COMANAGE_MAIL_PORT "25"
+ENV COMANAGE_MAIL_USER "user"
+ENV COMANAGE_MAIL_PASS "secret"
+ENV MYSQL_HOST "i2mariadb"
+ENV MYSQL_DATABASE "registry"
+ENV MYSQL_USER "registry_user"
+ENV MYSQL_PASSWORD "mysql_password"
+ENV ADMIN_FAMILY_NAME "admin"
+ENV ADMIN_GIVEN_NAME "admin"
+
+# How long will we wait for MariaDB to start up?
+ENV WAIT_TIME 60
+
+# Required volumes for mounting Shibboleth SSL files into container
+VOLUME /opt/shibboleth/ssl/
+
+# Required volumes for mounting Apache SSL files into container
+VOLUME /opt/httpd/ssl/
+
+#Add httpd and php configuration
+RUN ln -s /opt/etc/httpd/conf.d/ports.conf /etc/httpd/conf.d/ports.conf &&  \
+    ln -s /opt/etc/httpd/conf.d/handlers.conf /etc/httpd/conf.d/handlers.conf && \
+    ln -s /opt/etc/httpd/conf.d/virtual_host_80.conf /etc/httpd/conf.d/00-comanage-80.conf && \
+    ln -s /opt/etc/php/EmailSheel.php /opt/comanage/comanage-registry-$version/app/Console/Command/EmailSheel.php && \
+    ln -s /opt/etc/php/database.php  /opt/comanage/comanage-registry-$version/local/Config/database.php && \
+    rm -f /opt/comanage/comanage-registry-$version/app/Config/database.php && \
+    ln -s /opt/etc/php/database.php  /opt/comanage/comanage-registry-$version/app/Config/database.php && \
+    ln -s /opt/etc/php/email.php  /opt/comanage/comanage-registry-$version/local/Config/email.php && \
+    rm -f /opt/comanage/comanage-registry-$version/app/Config/email.php && \
+    ln -s /opt/etc/php/email.php  /opt/comanage/comanage-registry-$version/app/Config/email.php && \
+    ln -s /opt/comanage/comanage-registry-$VERSION/app/webroot /var/www/html/registry && \
+    rm /etc/httpd/conf/httpd.conf && \
+    ln -s /opt/etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf && \
+    /opt/autoexec/bin/onbuild.sh
+    
+  
+# Port
 EXPOSE 80 443
 
-VOLUME ["/srv/comanage-registry/local"]
-
-VOLUME ["/etc/shibboleth"]
+ADD files/bin/setenv.sh /opt/tier/setenv.sh
+RUN chmod +x /opt/tier/setenv.sh
+ADD files/bin/startup.sh /usr/bin/startup.sh
+RUN chmod +x /usr/bin/startup.sh
+ADD files/bin/sendtierbeacon.sh /usr/bin/sendtierbeacon.sh
+RUN chmod +x /usr/bin/sendtierbeacon.sh
 
-COPY docker-comanage-entrypoint /usr/local/bin/
-COPY docker-comanage-shibboleth-sp-entrypoint /usr/local/bin/
-COPY docker-supervisord-entrypoint /usr/local/bin/
 
-# TIER Beacon Opt-out
-#
-# Completely uncomment the following ENV line to prevent the containers from
-# sending analytics information to Internet2.  With the default/release
-# configuration, it will only send product (Shibb/Grouper/COmanage) and version
-# (3.3.1-17040, etc) once daily between midnight and 4am.  There is no
-# configuration or private information collected or sent.  This data helps with
-# the scaling and funding of TIER.  Please do not disable it if you find the
-# TIER tools useful.  To keep it commented, keep multiple comments on the
-# following line (to prevent other scripts from processing it).
-#####     ENV TIER_BEACON_OPT_OUT True
-
-ENV TIER_RELEASE=180801
-ENV TIER_MAINTAINER=tier
-
-ENTRYPOINT ["docker-supervisord-entrypoint"]
+CMD ["/usr/bin/startup.sh"]
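Review bot: `RUN echo '<?php phpinfo(); ?>' > /var/www/html/index.php` leaves a phpinfo() page in the document root of the shipped image, and that page prints the PHP configuration and the server environment; if httpd inherits the container environment, this would include the `MYSQL_PASSWORD` and `COMANAGE_MAIL_PASS` values declared with ENV further down. I would drop that line and supply the database and mail passwords at run time rather than as ENV defaults, which stay readable in the image metadata. `RUN LD_LIBRARY_PATH="/opt/shibboleth/lib64"` followed by `RUN export LD_LIBRARY_PATH` has no effect because each RUN is its own shell; `ENV LD_LIBRARY_PATH=/opt/shibboleth/lib64` does what the comment describes. `FROM tier/shibboleth_sp` and the `wget -q $COMANAGE_URL` download are also unpinned and unverified, so a tag or digest on the base image and a checksum check on the tarball would make the build reproducible.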
diff --git a/Jenkinsfile b/Jenkinsfile
index 278e7f7..80b51fd 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -1,65 +1,90 @@
-pipeline {
-    agent any
-    environment { 
-        maintainer = "t"
-        imagename = 'g'
-        tag = 'l'
-        version='3.1.1'
+// Licensed to the University Corporation for Advanced Internet Development,
+// Inc. (UCAID) under one or more contributor license agreements.  See the
+// NOTICE file distributed with this work for additional information regarding
+// copyright ownership. The UCAID licenses this file to You under the Apache
+// License, Version 2.0 (the "License"); you may not use this file except in
+// compliance with the License.  You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+//distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+node('docker') {
+
+  stage 'Checkout'
+
+    checkout scm
+
+  stage 'Acquire util'
+    
+    sh 'mkdir -p tmp && mkdir -p bin'
+    dir('tmp'){
+      git([ url: "https://github.internet2.edu/docker/util.git",
+          credentialsId: "jenkins-github-access-token" ])
+      sh 'mv ./bin/* ../bin/.'
     }
-    stages {
-        stage('Setting build context') {
-            steps {
-                script {
-                    maintainer = maintain()
-                    imagename = imagename()
-                    version= registryversion()
-                    if(env.BRANCH_NAME == "master") {
-                       tag = "latest"
-                    } else {
-                       tag = env.BRANCH_NAME
-                    }
-                    if(!imagename){
-                        echo "You must define an imagename in common.bash"
-                        currentBuild.result = 'FAILURE'
-                     }
-                } 
-             }
-        }    
-        stage('Build') {
-            steps {
-                echo 'step 2'
-            }
-        } 
-        stage('Push') {
-            steps {
-                script {
-                   docker.withRegistry('https://registry.hub.docker.com/',   "dockerhub-$maintainer") {
-                      def baseImg = docker.build("$maintainer/$imagename", "--build-arg COMANAGE_REGISTRY_VERSION=$version .")
-                      baseImg.push("$tag")
-                   }
-               }
-            }
-        }
-        stage('Notify') {
-            steps{
-                echo "$maintainer"
-                slackSend color: 'good', message: "$maintainer/$imagename:$tag pushed to DockerHub"
-            }
-        }
+    sh 'rm -rf tmp'
+
+  stage 'Setting build context'
+  
+    def maintainer = maintainer()
+    def imagename = imagename()
+    def tag
+    
+    // Tag images created on master branch with 'latest'
+    if(env.BRANCH_NAME == "master"){
+      tag = "latest"
+    }else{
+      tag = env.BRANCH_NAME
     }
-    post { 
-        always { 
-            echo 'In post.'
-        }
-        failure {
-            // slackSend color: 'good', message: "Build failed"
-            handleError("BUILD ERROR: There was a problem building ${maintainer}/${imagename}:${tag}.")
-        }
+        
+    if(!imagename){
+      echo "You must define an imagename in common.bash"
+      currentBuild.result = 'FAILURE'
+     }
+     if(maintainer){
+      echo "Building ${imagename}:${tag} for ${maintainer}"
+     }
+     
+  stage 'Build'
+    try{
+      sh 'bin/rebuild.sh &> debug'
+    } catch(error) {
+      def error_details = readFile('./debug');
+      def message = "BUILD ERROR: There was a problem building ${imagename}:${tag}. \n\n ${error_details}"
+      sh "rm -f ./debug"
+      handleError(message)
     }
-}
+    
+  stage 'Tests'
+  
+    try{
+      sh 'bin/test.sh &> debug'
+    } catch(error) {
+      def error_details = readFile('./debug');
+      def message = "BUILD ERROR: There was a problem building ${imagename}:${tag}. \n\n ${error_details}"
+      sh "rm -f ./debug"
+      handleError(message)
+    }
+    
+  stage 'Push'
 
+    docker.withRegistry('https://registry.hub.docker.com/',   "dockerhub-$maintainer") {
+          def baseImg = docker.build("$maintainer/$imagename")
+          baseImg.push("$tag")
+    }
+    
+  stage 'Notify'
+  
+    slackSend color: 'good', message: "$maintainer/$imagename:$tag pushed to DockerHub"
 
-def maintain() {
+}
+
+def maintainer() {
   def matcher = readFile('common.bash') =~ 'maintainer="(.+)"'
   matcher ? matcher[0][1] : 'tier'
 }
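Review bot: The `&>` redirection in `sh 'bin/rebuild.sh &> debug'` and `sh 'bin/test.sh &> debug'` is a bash extension; the Jenkins `sh` step runs the agent's default shell, and where that is a POSIX shell such as dash the line parses as a background job plus an empty redirect, so the step returns 0 and a failing build or test no longer stops the Push stage. `sh 'bin/rebuild.sh > debug 2>&1'` (and the same for `bin/test.sh`) behaves the same under both shells. The catch block in the Tests stage reuses the "There was a problem building" message, which would read better as a test failure. Separately, the 'Acquire util' stage moves whatever is on the default branch of the util repository into `bin/` and runs it on a node that later uses the Docker Hub credentials; checking out a reviewed commit there would make the build reproducible and limit what an unreviewed change to util can do.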
@@ -69,16 +94,10 @@ def imagename() {
   matcher ? matcher[0][1] : null
 }
 
-def registryversion() {
-  def matcher = readFile('common.bash') =~ 'COMANAGE_REGISTRY_VERSION="(.+)"'
-  matcher ? matcher[0][1] : null
-}
-
-
 def handleError(String message){
   echo "${message}"
   currentBuild.setResult("FAILED")
   slackSend color: 'danger', message: "${message}"
-  //step([$class: 'Mailer', notifyEveryUnstableBuild: true, recipients: 'chubing@internet2.edu', sendToIndividuals: true])
+  //step([$class: 'Mailer', notifyEveryUnstableBuild: true, recipients: 'chris.bynum@levvel.io', sendToIndividuals: true])
   sh 'exit 1'
 }
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..d645695
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/NOTICE b/NOTICE
new file mode 100644
index 0000000..240853c
--- /dev/null
+++ b/NOTICE
@@ -0,0 +1,5 @@
+Apache [PRODUCT_NAME]
+Copyright [XXXX-XXXX] The Apache Software Foundation
+
+This product includes software developed at
+The Apache Software Foundation (http://www.apache.org/).
diff --git a/README.md b/README.md
index 50d0a06..8b13789 100644
--- a/README.md
+++ b/README.md
@@ -1,556 +1 @@
-# COmanage Registry Internet2 TIER Docker
 
-## What it is
-Docker version of [COmanage
-Registry](https://spaces.internet2.edu/display/COmanage/Home) packaged to meet
-the specifications of the 
-[Internet2 TIER](https://www.internet2.edu/vision-initiatives/initiatives/trust-identity-education-research/)
-program.
-
-COmanage Registry is a web application that requires a relational database
-and an authentication mechanism such as 
-[Shibboleth](http://shibboleth.net/products/service-provider.html). 
-
-## How To
-
-* Install Docker. These instructions require version 17.03.1 or higher.
-
-* Clone this repository:
-
-```
-git clone https://github.com/Internet2/comanage-registry-docker.git
-cd comanage-registry-docker
-```
-
-* Define `COMANAGE_REGISTRY_VERSION`. Currently we recommend
-
-```
-export COMANAGE_REGISTRY_VERSION=3.1.0
-```
-
-* Build a local image for COmanage Registry:
-
-```
-pushd comanage-registry-internet2-tier
-docker build \
-    --build-arg COMANAGE_REGISTRY_VERSION=${COMANAGE_REGISTRY_VERSION} \
-    -t comanage-registry:${COMANAGE_REGISTRY_VERSION}-internet2-tier .
-popd
-```
-
-* Create directories to store local state files:
-
-```
-sudo mkdir -p /srv/docker/internet2-tier/srv/comanage-registry/local
-sudo mkdir -p /srv/docker/internet2-tier/var/lib/mysql
-sudo mkdir -p /srv/docker/internet2-tier/var/lib/ldap
-sudo mkdir -p /srv/docker/internet2-tier/etc/ldap/slapd.d
-```
-
-* Initialize Docker Swarm:
-
-```
-docker swarm init
-```
-
-* Hash a password to use as the LDAP admin password:
-
-```
-/usr/sbin/slappasswd -c '$6$rounds=5000$%.86s'
-```
-
-* Create Docker Swarm secrets (please be sure to substitute your own secrets):
-
-
-```
-echo "88cdfwOgQ1OblrHPNTyY" | docker secret create mysql_root_password - 
-
-echo "5zY87knHxbP3sVQstRW2" | docker secret create mysql_password - 
-
-echo "5zY87knHxbP3sVQstRW2" | docker secret create comanage_registry_database_user_password - 
-
-echo "qselvrfaomxktlra" | docker secret create comanage_registry_email_account_password -
-
-docker secret create https_cert_file fullchain.pem
-
-docker secret create https_privkey_file privkey.pem
-
-docker secret create shibboleth_sp_cert sp-cert.pem
-
-docker secret create shibboleth_sp_privkey sp-key.pem
-
-echo '{CRYPT}$6$rounds=5000$HHDyV7yz4yn4FH/d$eAg9uXbSnxvCCTZ8GstprFryip3Br111tArqsIaBDCF2Rm7tciEivDLCjpcMVT7OL.Lg5QKjEUM.C5UA2DNuf1' \
-    | docker secret create olc_root_pw -
-
-docker secret create slapd_cert_file cert.pem
-
-docker secret create slapd_privkey_file privkey.pem
-
-docker secret create slapd_chain_file chain.pem
-```
-
-* Create a Docker compose file:
-
-```
-version: '3.1'
-
-services:
-    comanage-registry:
-        image: comanage-registry:3.1.0-internet2-tier
-        volumes:
-            - /srv/docker/internet2-tier/srv/comanage-registry/local:/srv/comanage-registry/local
-        environment:
-            - COMANAGE_REGISTRY_DATASOURCE=Database/Mysql
-            - COMANAGE_REGISTRY_DATABASE=registry
-            - COMANAGE_REGISTRY_DATABASE_HOST=comanage-registry-database
-            - COMANAGE_REGISTRY_DATABASE_USER=registry_user
-            - COMANAGE_REGISTRY_DATABASE_USER_PASSWORD_FILE=/run/secrets/comanage_registry_database_user_password
-            - COMANAGE_REGISTRY_EMAIL_FROM=registry@some.org
-            - COMANAGE_REGISTRY_EMAIL_TRANSPORT=Smtp
-            - COMANAGE_REGISTRY_EMAIL_HOST=tls://smtp.some.org
-            - COMANAGE_REGISTRY_EMAIL_PORT=465
-            - COMANAGE_REGISTRY_EMAIL_ACCOUNT=registry@some.org
-            - COMANAGE_REGISTRY_EMAIL_ACCOUNT_PASSWORD_FILE=/run/secrets/comanage_registry_email_account_password
-            - COMANAGE_REGISTRY_ADMIN_GIVEN_NAME=Emma
-            - COMANAGE_REGISTRY_ADMIN_FAMILY_NAME=Sanchez
-            - COMANAGE_REGISTRY_ADMIN_USERNAME=emma.sanchez@some.org
-            - HTTPS_CERT_FILE=/run/secrets/https_cert_file
-            - HTTPS_PRIVKEY_FILE=/run/secrets/https_privkey_file
-            - SERVER_NAME=registry.some.org
-            - SHIBBOLETH_SP_CERT=/run/secrets/shibboleth_sp_cert
-            - SHIBBOLETH_SP_PRIVKEY=/run/secrets/shibboleth_sp_privkey
-        secrets:
-            - comanage_registry_database_user_password
-            - comanage_registry_email_account_password
-            - https_cert_file
-            - https_privkey_file
-            - shibboleth_sp_cert
-            - shibboleth_sp_privkey
-        networks:
-            - default
-        ports:
-            - "80:80"
-            - "443:443"
-        logging:
-            driver: syslog
-            options:
-                tag: "comanage_registry"
-        deploy:
-            replicas: 1
-
-    comanage-registry-database:
-        image: mariadb:10.2
-        volumes:
-            - /srv/docker/internet2-tier/var/lib/mysql:/var/lib/mysql
-        environment:
-            - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/mysql_root_password
-            - MYSQL_DATABASE=registry
-            - MYSQL_USER=registry_user
-            - MYSQL_PASSWORD_FILE=/run/secrets/mysql_password
-        secrets:
-            - mysql_root_password
-            - mysql_password
-        networks:
-            - default
-        logging:
-            driver: syslog
-            options:
-                tag: "mariadb"
-        deploy:
-            replicas: 1
-
-    comanage-registry-ldap:
-        image: sphericalcowgroup/comanage-registry-slapd
-        command: ["slapd", "-d", "256", "-h", "ldapi:/// ldap:/// ldaps:///", "-u", "openldap", "-g", "openldap"]
-        volumes:
-            - /srv/docker/development/var/lib/ldap:/var/lib/ldap
-            - /srv/docker/development/etc/ldap/slapd.d:/etc/ldap/slapd.d
-        environment:
-            - SLAPD_CERT_FILE=/run/secrets/slapd_cert_file
-            - SLAPD_PRIVKEY_FILE=/run/secrets/slapd_privkey_file
-            - SLAPD_CHAIN_FILE=/run/secrets/slapd_chain_file
-            - OLC_ROOT_PW_FILE=/run/secrets/olc_root_pw
-            - OLC_SUFFIX=dc=sphericalcowgroup,dc=com
-            - OLC_ROOT_DN=cn=admin,dc=sphericalcowgroup,dc=com
-        secrets:
-            - slapd_cert_file
-            - slapd_privkey_file
-            - slapd_chain_file
-            - olc_root_pw
-        networks:
-            - default
-        logging:
-            driver: syslog
-            options:
-                tag: "openldap"
-        ports:
-            - "636:636"
-            - "389:389"
-        deploy:
-            replicas: 1
-
-secrets:
-    mysql_root_password:
-        external: true
-    mysql_password:
-        external: true
-    comanage_registry_database_user_password:
-        external: true
-    comanage_registry_email_account_password:
-        external: true
-    https_cert_file:
-        external: true
-    https_privkey_file:
-        external: true
-    shibboleth_sp_cert:
-        external: true
-    shibboleth_sp_privkey:
-        external: true
-    slapd_cert_file:
-        external: true
-    slapd_privkey_file:
-        external: true
-    slapd_chain_file:
-        external: true
-    olc_root_pw:
-        external: true
-
-```
-
-* Start the services:
-
-```
-docker stack deploy comanage-registry
-```
-
-* Visit the [COmanage wiki](https://spaces.internet2.edu/display/COmanage/Setting+Up+Your+First+CO)
-to learn how to create your first collaborative organization (CO) and begin using
-the platform.
-
-* To stop the services:
-```
-docker stack rm comanage-registry
-```
-
-## Advanced Configuration Options
-
-* [Environment Variables](#environ)
-* [Apache HTTP ServerName](#servername)
-* [X.509 Certificates and Private Keys](#certskeys)
-* [Full Control](#full)
-
-## Environment Variables <a name="environ"></a>
-
-All deployment details for COmanage Registry may be configured using environment variables set for the container. 
-The set of possible environment variables is listed below.
-
-The entrypoint scripts will attempt to use values from environment variables and if not
-present reasonable defaults will be used. *Note that some defaults like passwords are
-easily guessable and not suitable for production deployments*.
-
-For secrets such as passwords you may wish to use the environment variable with
-`_FILE` appended and set the value to a path. The entrypoint scripts will read the
-file to find the value to use. For example to set the database user password to the
-value `dEodxlXQE2dKl8own7T2` you can for the container either set the environment variable
-
-```
-COMANAGE_REGISTRY_DATABASE_USER_PASSWORD=dEodxlXQE2dKl8own7T2
-```
-
-or instead ensure that inside the container the file 
-`/db_password` contains
-on a single line the value `dEodxlXQE2dKl8own7T2` and then set the 
-environment variable
-
-*When present an environment variable pointing to a file inside the container overrides
-an otherwise configured environment variable*.
-
-```
-COMANAGE_REGISTRY_DATABASE_USER_PASSWORD_FILE=/db_password
-```
-
-Some deployment details for the Shibboleth SP may be set using environment variables, but most
-deployments will prefer to mount or COPY in `/etc/shibboleth/shibboleth2.xml` to be able
-to configure SAML federation details.
-
-### COmanage Registry
-
-* COMANAGE_REGISTRY_ADMIN_GIVEN_NAME:
-  * Description: platform admin given name
-  * Default: Registry
-  * Example 1: Scott
-  * Example 2: Himari
-
-* COMANAGE_REGISTRY_ADMIN_FAMILY_NAME:
-  * Description: platform admin family name
-  * Default: Admin
-  * Example 1: Koranda
-  * Example 2: Tanaka
-
-* COMANAGE_REGISTRY_ADMIN_USERNAME:
-  * Description: platform admin username identifier (often eduPersonPrincipalName)
-  * Default: registry.admin
-  * Example 1: scott.koranda@sphericalcowgroup.com
-  * Example 2: himaritanaka@some.org
-
-* COMANAGE_REGISTRY_DATASOURCE
-  * Description: database type
-  * Default: Database/Postgres
-  * Example 1: Database/Mysql
-  * Example 2: Database/Postgres
-
-* COMANAGE_REGISTRY_DATABASE
-  * Description: name of the database
-  * Default: registry
-  * Example 1: comanage_registry
-  * Example 2: COmanageRegistryDB
-
-* COMANAGE_REGISTRY_DATABASE_HOST
-  * Description: hostname of the database server
-  * Default: comanage-registry-database
-  * Example 1: comanage-registry-database
-  * Example 2: my-db-container
-
-* COMANAGE_REGISTRY_DATABASE_USER
-  * Description: database username
-  * Default: registry_user
-  * Example 1: comanage
-  * Example 2: comanage_user
-
-* COMANAGE_REGISTRY_DATABASE_USER_PASSWORD
-  * Description: database user password
-  * Default: password
-  * Example 1: AFH9OiyuowiY3Wq6qX0j
-  * Example 2: qVcsJPo7$@
-
-* COMANAGE_REGISTRY_EMAIL_FROM
-  * Description: default From used by Registry for sending email
-  * Default: none
-  * Example 1: registry@some.org
-  * Example 2: skoranda@gmail.com
-
-* COMANAGE_REGISTRY_EMAIL_TRANSPORT
-  * Description: email transport mechanism
-  * Default: Smtp
-  * Example 1: Smtp
-  * Example 2: MyCustom
-
-* COMANAGE_REGISTRY_EMAIL_PORT
-  * Description: email transport port
-  * Default: 465
-  * Example 1: 465
-  * Example 2: 25
-
-* COMANAGE_REGISTRY_EMAIL_HOST
-  * Description: email server host
-  * Default: tls://smtp.gmail.com
-  * Example 1: smtp.my.org
-  * Example 2: mail.some.org
-
-* COMANAGE_REGISTRY_EMAIL_ACCOUNT
-  * Description: email server account
-  * Default: none
-  * Example 1: skoranda@gmail.com
-  * Example 2: registry_email_sender
-
-* COMANAGE_REGISTRY_EMAIL_ACCOUNT_PASSWORD
-  * Description: email server account password
-  * Default: none
-  * Example 1: 82P3mt1T0PByZRHNQ6he
-  * Example 2: ak&&u1$@
-
-* COMANAGE_REGISTRY_SECURITY_SALT
-  * Description: security salt value
-  * Default: auto-generated at initial deployment if not specified
-  * Example 1: wciEjD1KbX9Q8nB3YdWItFuzEoRdf6l5BpoCuTHm
-  * Example 2: JpmKTdO88NX6RsCIVnru6hV79zKOfvjGk0tTG0Cb
-
-* COMANAGE_REGISTRY_SECURITY_SEED
-  * Description: security seed value
-  * Default: auto-generated at initial deployment if not specified
-  * Example 1: 32616298446590535751260992683
-  * Example 2: 21812581423282761029813528278
-
-* HTTPS_CERT_FILE
-  * Description: X.509 certificate and CA chain in PEM format for use with Apache HTTP Server to serve HTTPS
-  * Default: self-signed auto-generated certificate
-
-* HTTPS_KEY_FILE
-  * Description: Associated private key for HTTPS in PEM format
-  * Default: private key for self-signed auto-generated certificate
-
-* SERVER_NAME
-  * Description: ServerName for Apache HTTP Server virtual host configuration
-  * Default: none, parsed from X.509 certificate if not defined
-  * Example 1: registry.some.org
-  * Example 2: comanage.my.edu
-
-### MariaDB
-
-* MYSQL_ROOT_PASSWORD
-  * Description: password for root user
-  * Default: none
-  * Example 1: ukZd7IZDRfOqgF82938A
-  * Example 2: 28hvua3%,2
-
-* MYSQL_DATABASE
-  * Description: name of the database, must be same as set for COmanage Registry container
-  * Default: none
-  * Example 1: comanage_registry
-  * Example 2: COmanageRegistryDB
-
-* MYSQL_USER:
-  * Description: database username, must be same as set for COmanage Registry container
-  * Default: none
-  * Example 1: comanage
-  * Example 2: comanage_user
-
-* MYSQL_PASSWORD_FILE:
-  * Description: database user password, must be same as set for COmanage Registry container
-  * Default: none
-  * Example 1: AFH9OiyuowiY3Wq6qX0j
-  * Example 2: qVcsJPo7$@
-
-### Shibboleth SP
-
-* SHIBBOLETH_SP_CERT
-  * Description: SAML certificate
-  * Default: self-signed per-image, must be copied out to persist
-
-* SHIBBOLETH_SP_ENTITY_ID 
-  * Description: entityID for SP
-  * Default: none
-  * Example 1: https://comanage.registry/shibboleth
-  * Example 2: https://my.org/comanage
-
-* SHIBBOLETH_SP_METADATA_PROVIDER_XML
-  * Description: Shibboleth SP metadata provider element
-  * Default: none
-
-* SHIBBOLETH_SP_PRIVKEY
-  * Description: SAML private key
-  * Default: self-signed per-image, must be copied out to persist
-
-* SHIBBOLETH_SP_SAMLDS_URL
-  * Description: URL for SAML IdP discovery service
-  * Default: none
-  * Example 1: https://my.org/registry/pages/eds/index
-  * Exammple 2: https://discovery.my.org 
-
-### OpenLDAP slapd
-
-* OLC_ROOT_DN
-  * Description: DN for the administrator
-  * Default: cn=admin,dc=my,dc=org
-  * Exammle 1: cn=admin,dc=some,dc=edu
-  * Example 2: cn=admin,ou=service,dc=my,dc=org 
-
-* OLC_ROOT_PW
-  * Description: hashed password for root DN
-  * Default: none
-  * Example 1: See compose file above
-
-* OLC_SUFFIX
-  * Description: Suffix for the directory
-  * Default: dc=my,dc=org
-  * Example 1: dc=some,dc=edu 
-  * Example 2: o=unit,dc=my,dc=org
-
-* SLAPD_CERT_FILE
-  * Description: X.509 certificate in PEM format for use with OpenLDAP Server to serve ldaps://
-  * Default: none
-
-* SLAPD_CHAIN_FILE
-  * Description: CA certificate chain in PEM format
-  * Default: none
-
-* SLAPD_KEY_FILE
-  * Description: Associated private key for ldaps:// in PEM format
-  * Default: none
-
-## X.509 Certificates and Private Keys <a name="certskeys"></a>
-
-### COmanage Registry
-
-The certificate and private key files used for HTTPS may
-be injected into the COmanage Registry container using environment variables
-to point to files mounted into the container. The certificate file should
-include the server certificate and any intermediate CA signing certificates
-sorted from leaf to root.
-
-Alternatively you can directly mount files in the container to
-
-```
-/etc/apache2/cert.pem
-/etc/apache2/privkey.pem
-```
-
-If no files are configured the containers use self-signed certificates
-for HTTPS by default.
-
-### Shibboleth SP
-
-The SAML certificate and private key used for decryption (and sometimes signing)
-by the Shibboleth SP may be injected into the COmanage Registry container using
-environment variables to point to files mounted into the container.
-
-Alternatively you can directly mount files in the container to
-
-```
-/etc/shibboleth/sp-cert.pem
-/etc/shibboleth/sp-key.pem
-```
-
-If no files are configured the container uses a default self-signed certificate
-*this is the same for all images and not suitable for production*.
-
-### OpenLDAP slapd
-
-The certificate, private key, and CA signing file or chain file used for TLS
-(port 636 by default) may
-be injected into the OpenLDAP slapd container using environment variables
-to point to files mounted into the container. 
-
-## ServerName <a name="servername"></a>
-
-The entrypoint scripts will attempt to parse the appropriate value for the
-Apache HTTP Server configuration option `ServerName` from the X.509 certificate
-provided for HTTPS.
-
-To override the parsing a deployer may explicitly set the environment variable
-`SERVER_NAME`. 
-
-## Full control <a name="full"></a>
-
-Deployers needing full control may inject configuration and deployment details directly.
-The entrypoint scripts will *not* overwrite any details found so directly injected
-details always override environment variables.
-
-### COmanage Registry
-
-COmanage Registry expects to find all local configuration details
-in the container at `/srv/comanage-registry/local`. A deployer may therefore mount
-a directory at that location to provide any and all configuration details. Note, however,
-that Registry expects to find a particular directory structure under
-`/srv/comanage-registry/local` and will not function properly if the structure is not
-found. The entrypoint script will create the necessary structure if it does not find it
-so it is recommended to mount an empty directory for the first deployment, let the
-entrypoint script create the structure, then later adjust the details as necessary
-for your deployment.
-
-### Shibboleth SP
-
-All Shibboleth SP configuration is available inside the container in
-`/etc/shibboleth`. A deployer may therefore mount into that directory any
-necessary adjustment to the Shibboleth configuration, such as static metadata
-files, metadata signing certificates, or advanced attribute filtering 
-configurations.
-
-A default set of all configuration files is available in the image.
-
-### OpenLDAP slapd
-
-Since slapd is configured dynamically using standard LDAP operations on the
-configuration directory (`cn=config`) the most straightforward way to inject
-advanced configuration details at the time the container is *created* is
-to customize the entrypoint script.
diff --git a/common.bash b/common.bash
index 5b0a486..788cb62 100644
--- a/common.bash
+++ b/common.bash
@@ -1,3 +1,18 @@
+# Licensed to the University Corporation for Advanced Internet Development,
+# Inc. (UCAID) under one or more contributor license agreements.  See the
+# NOTICE file distributed with this work for additional information regarding
+# copyright ownership. The UCAID licenses this file to You under the Apache
+# License, Version 2.0 (the "License"); you may not use this file except in
+# compliance with the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
 maintainer="tier"
 imagename="comanage"
-COMANAGE_REGISTRY_VERSION="3.1.1"
+version="3.1.1"
diff --git a/container_files/bin/cleanup.sh b/container_files/bin/cleanup.sh
new file mode 100755
index 0000000..5500b98
--- /dev/null
+++ b/container_files/bin/cleanup.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+# Licensed to the University Corporation for Advanced Internet Development,
+# Inc. (UCAID) under one or more contributor license agreements.  See the
+# NOTICE file distributed with this work for additional information regarding
+# copyright ownership. The UCAID licenses this file to You under the Apache
+# License, Version 2.0 (the "License"); you may not use this file except in
+# compliance with the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+log=/opt/log/cleanup.log
+
+date >> $log
+
+echo "Cleaning firsttimerunning" >> $log
+
+rm /tmp/firsttimerunning
+
+
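Review bot: `rm /tmp/firsttimerunning` exits non-zero and prints to stderr when the marker is already gone, and that error never reaches `$log` because only the `date` and `echo` lines are redirected. I would write `rm -f -- /tmp/firsttimerunning >> "$log" 2>&1` and quote `"$log"` on the other two lines as well. The marker sits under a fixed name in /tmp, and how it is created and checked is not visible in this hunk, so it is worth confirming that nothing untrusted in the container can create or remove it.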
diff --git a/container_files/bin/configure.sh b/container_files/bin/configure.sh
new file mode 100755
index 0000000..715fa42
--- /dev/null
+++ b/container_files/bin/configure.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+# Licensed to the University Corporation for Advanced Internet Development,
+# Inc. (UCAID) under one or more contributor license agreements.  See the
+# NOTICE file distributed with this work for additional information regarding
+# copyright ownership. The UCAID licenses this file to You under the Apache
+# License, Version 2.0 (the "License"); you may not use this file except in
+# compliance with the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+log="/opt/log/start-configure.log"
+set -e
+echo "Configuring" > $log
+/opt/bin/configure_httpd.sh >> $log
+/opt/bin/configure_shibd.sh >> $log
+/opt/bin/configure_php.sh >> $log
+
+
+
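Review bot: `set -e` here only sees the exit status of each sub-script, and the three calls redirect stdout alone, so an error inside them is neither written to `$log` nor necessarily fatal. configure_httpd.sh and configure_shibd.sh in this commit end with `echo`/`date` and so return 0 even when a `sed` in them fails. I would capture stderr as well, `/opt/bin/configure_httpd.sh >> "$log" 2>&1` (same for the other two), and have the sub-scripts exit non-zero when a substitution fails.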
diff --git a/container_files/bin/configure_httpd.sh b/container_files/bin/configure_httpd.sh
new file mode 100755
index 0000000..b02ac3d
--- /dev/null
+++ b/container_files/bin/configure_httpd.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+# Licensed to the University Corporation for Advanced Internet Development,
+# Inc. (UCAID) under one or more contributor license agreements.  See the
+# NOTICE file distributed with this work for additional information regarding
+# copyright ownership. The UCAID licenses this file to You under the Apache
+# License, Version 2.0 (the "License"); you may not use this file except in
+# compliance with the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+log="/opt/log/httpd.log"
+date >> $log
+echo "Configuring httpd: " >> $log
+echo "Parsing COMANAGE_SERVER_FQDN to $COMANAGE_SERVER_FQDN in virtualhost 80 and 443" >> $log
+sed -i "s|COMANAGE_SERVER_FQDN|$COMANAGE_SERVER_FQDN|g" /opt/etc/httpd/conf.d/virtual_host_80.conf >> $log
+sed -i "s|COMANAGE_SERVER_FQDN|$COMANAGE_SERVER_FQDN|g" /opt/etc/httpd/conf.d/virtual_host_443.conf >> $log
+echo "virtualhost parsed" >> $log
+if [[ $CHANGE_TO_SSL_HTTPD_KEY &&  ${CHANGE_TO_SSL_HTTPD_KEY-x} ]]; then
+  echo "Parsing CHANGE_TO_SSL_HTTPD_KEY to $CHANGE_TO_SSL_HTTPD_KEY in virtual host 443" >> $log
+  sed -i "s|CHANGE_TO_SSL_HTTPD_KEY|$CHANGE_TO_SSL_HTTPD_KEY|g" /opt/etc/httpd/conf.d/virtual_host_443.conf >> $log
+  echo "key parsed in virtualhost 443" >> $log
+else
+  echo "CHANGE_TO_SSL_HTTPD_KEY variable is not used" >> $log
+fi
+if [[ $CHANGE_TO_SSL_HTTPD_CERT && ${CHANGE_TO_SSL_HTTPD_CERT-x} ]]; then
+  echo "Parsing CHANGE_TO_SSL_HTTPD_CERT to $CHANGE_TO_SSL_HTTPD_CERT in virtualhost 443" >> $log
+  sed -i "s|CHANGE_TO_SSL_HTTPD_CERT|$CHANGE_TO_SSL_HTTPD_CERT|g" /opt/etc/httpd/conf.d/virtual_host_443.conf >> $log
+  echo "httpd cert parsed in virtualhost 443" >> $log
+else
+  echo "CHANGE_TO_SSL_HTTPD_CERT variable is not used" >> $log
+fi
+
+echo "Removing Listen 80 in httpd.conf" >> $log
+sed -i 's/^Listen 80$//' /etc/httpd/conf/httpd.conf
+date >> $log
+echo "Configuration of httpd completed " >> $log
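Review bot: The two `COMANAGE_SERVER_FQDN` substitutions at the top run unconditionally, so with the variable unset the placeholder is replaced by an empty string in both virtual host files; the key and cert blocks below are guarded, this one is not. A guard before the first `sed`, such as `[[ -n "${COMANAGE_SERVER_FQDN:-}" ]] || { echo "COMANAGE_SERVER_FQDN is not set" >> "$log"; exit 1; }`, would stop that. The values also go into the sed replacement unescaped, so a `|`, `&` or `\` in any of them changes what is written or makes `sed` fail. The `>> $log` on the `sed -i` lines records nothing because `sed -i` writes no stdout; `2>> "$log"` would capture its errors.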
diff --git a/container_files/bin/configure_php.sh b/container_files/bin/configure_php.sh
new file mode 100755
index 0000000..db0bd55
--- /dev/null
+++ b/container_files/bin/configure_php.sh
@@ -0,0 +1,89 @@
+#!/bin/bash
+# Licensed to the University Corporation for Advanced Internet Development,
+# Inc. (UCAID) under one or more contributor license agreements.  See the
+# NOTICE file distributed with this work for additional information regarding
+# copyright ownership. The UCAID licenses this file to You under the Apache
+# License, Version 2.0 (the "License"); you may not use this file except in
+# compliance with the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+log="/opt/log/php.log"
+date >> $log
+echo "Configuring php: " >> $log
+
+echo " " >> $log
+echo "Checking variables before configuring config files " >> $log
+
+if [[ $MYSQL_HOST &&  ${MYSQL_HOST-x} ]] && [[ $MYSQL_USER &&  ${MYSQL_USER-x} ]] && [[ $MYSQL_PASSWORD &&  ${MYSQL_PASSWORD-x} ]] && [[ $MYSQL_DATABASE &&  ${MYSQL_DATABASE-x} ]]  && [[ $COMANAGE_MAIL_FROM &&  ${COMANAGE_MAIL_FROM-x} ]] && [[ $COMANAGE_MAIL_HOST &&  ${COMANAGE_MAIL_HOST-x} ]] && [[ $COMANAGE_MAIL_PORT &&  ${COMANAGE_MAIL_PORT-x} ]] && [[ $COMANAGE_MAIL_USER &&  ${COMANAGE_MAIL_USER-x} ]] && [[ $COMANAGE_MAIL_PASS &&  ${COMANAGE_MAIL_PASS-x} ]]; then
+  sed -i "s|CHANGE_TO_ENV_MYSQL_HOST|$MYSQL_HOST|g" /opt/etc/php/database.php
+  sed -i "s|CHANGE_TO_ENV_MYSQL_USERNAME|$MYSQL_USER|g" /opt/etc/php/database.php
+  sed -i "s|CHANGE_TO_ENV_MYSQL_PASSWORD|$MYSQL_PASSWORD|g" /opt/etc/php/database.php
+  sed -i "s|CHANGE_TO_ENV_MYSQL_TABLE|$MYSQL_DATABASE|g" /opt/etc/php/database.php
+  sed -i "s|CHANGE_TO_COMANAGE_MAIL_FROM|$COMANAGE_MAIL_FROM|g" /opt/etc/php/email.php
+  sed -i "s|CHANGE_TO_COMANAGE_MAIL_HOST|$COMANAGE_MAIL_HOST|g" /opt/etc/php/email.php
+  sed -i "s|CHANGE_TO_COMANAGE_MAIL_PORT|$COMANAGE_MAIL_PORT|g" /opt/etc/php/email.php
+  sed -i "s|CHANGE_TO_COMANAGE_MAIL_USER|$COMANAGE_MAIL_USER|g" /opt/etc/php/email.php
+  sed -i "s|CHANGE_TO_COMANAGE_MAIL_PASS|$COMANAGE_MAIL_PASS|g" /opt/etc/php/email.php
+  echo "Variables process was completed without any error" >> $log
+else
+  echo "Variables are not totally filled so no configuration was performed" >> $log
+
+fi
+date >> $log
+echo "Preparing for cache" >> $log
+mkdir -p /var/cache/registry/cache/persistent && \
+mkdir -p /var/cache/registry/cache/models && \  
+mkdir -p /var/cache/registry/logs && \  
+mkdir -p /var/cache/registry/sessions && \  
+mkdir -p /var/cache/registry/tests && \  
+chmod -R 700 /var/cache/registry && \
+chown -R apache:apache /var/cache/registry && \
+chown -R apache:apache /opt/comanage/comanage-registry-$VERSION/local 
+echo "Cache status: " >> $log
+ls -la /opt/comanage/comanage-registry-$VERSION/local/tmp/cache >> $log
+
+date >> $log
+if [ -z ${COMPOSE+x} ];then
+  echo "Comanage is not composed no database configuration will be perform" >> $log
+else
+  echo "Comanage is composed. Checking variables to Configure first database data" >> $log
+  if [[ $ADMIN_GIVEN_NAME && ${ADMIN_GIVEN_NAME-x} ]] && [[ $ADMIN_FAMILY_NAME && ${ADMIN_FAMILY_NAME-x} ]] && [[ $ADMIN_EPPN && ${ADMIN_EPPN-x} ]] && [[ $VERSION && ${VERSION-x} ]]; then
+    echo "Variables are ok" >> $log
+    echo "Doing first configuration in database data" >> $log
+    cd /opt/comanage/comanage-registry-$VERSION/app
+    ./Console/cake database >> $log
+    laststatus=$?
+    echo "Composed status: $laststatus" >> $log
+    if [ "$laststatus" != "0" ]; then
+       echo "Not composed non-zero exit status: $laststatus" >> $log
+       echo "Console cake database script failed" >> $log
+       exit 1
+    fi
+    date >> $log
+    echo "First database input was completed without any error" >> $log
+    echo "Doing variable parsing" >> $log
+    sed -i "s|ADMIN_GIVEN_NAME|$ADMIN_GIVEN_NAME|g" /opt/bin/configure_php_user.sh
+    sed -i "s|ADMIN_FAMILY_NAME|$ADMIN_FAMILY_NAME|g" /opt/bin/configure_php_user.sh
+    sed -i "s|ADMIN_EPPN|$ADMIN_EPPN|g" /opt/bin/configure_php_user.sh
+    /opt/bin/configure_php_user.sh
+    laststatus=$?
+    if [ "$laststatus" != "0" ]; then
+       echo "Not composed non-zero exit status: $laststatus" >> $log
+       echo "Console cake database setup script failed" >> $log
+       exit 1
+    fi
+    date >> $log
+    echo "Configuration of database was completed" >> $log
+  else
+    echo "Variables were not provided . Configuration of database is not possible" >> $log
+    date >> $log
+  fi
+  
+fi
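Review bot: The `sed -i "s|CHANGE_TO_ENV_MYSQL_PASSWORD|$MYSQL_PASSWORD|g"` style lines use the secret as a sed replacement, so a password containing `&` is written with the placeholder name in its place, and one containing `|` or `\` is corrupted or makes `sed` fail. Nothing checks the result before "completed without any error" is logged. Escaping the value first, e.g. `esc=$(printf '%s' "$MYSQL_PASSWORD" | sed 's/[&|\\]/\\&/g')`, and checking each `sed` exit status would cover this; the same applies to `COMANAGE_MAIL_PASS` and to the three `sed` lines that rewrite /opt/bin/configure_php_user.sh. Separately, the `mkdir -p … && \` lines for models, logs, sessions and tests appear to have trailing spaces after the backslash, which makes it an escaped space instead of a line continuation.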
diff --git a/container_files/bin/configure_php_user.sh b/container_files/bin/configure_php_user.sh
new file mode 100755
index 0000000..4c1bb29
--- /dev/null
+++ b/container_files/bin/configure_php_user.sh
@@ -0,0 +1,33 @@
+#!/bin/bash -x
+# Licensed to the University Corporation for Advanced Internet Development,
+# Inc. (UCAID) under one or more contributor license agreements.  See the
+# NOTICE file distributed with this work for additional information regarding
+# copyright ownership. The UCAID licenses this file to You under the Apache
+# License, Version 2.0 (the "License"); you may not use this file except in
+# compliance with the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+log=/opt/log/php-user.sh
+
+date >> $log
+
+schema=$( mysql -u $MYSQL_USER -p$MYSQL_PASSWORD -h "$MYSQL_HOST" $MYSQL_DATABASE -e 'desc cm_users' )
+laststatus=$?
+    
+if [ ! $laststatus -eq 0 ]; then
+    cd /opt/comanage/comanage-registry-$VERSION/app
+    echo "Performing database user setup" >> $log
+    ./Console/cake setup --admin-given-name ADMIN_NAME --admin-family-name ADMIN_FAMILY --admin-username ADMIN_USERNAME --enable-pooling=No --force >> $log
+else
+    echo "table cm_users exists, skipping provisioning" >> $log
+fi
+
+
+
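Review bot: `#!/bin/bash -x` together with `-p$MYSQL_PASSWORD` prints the database password in the xtrace output on stderr and exposes it in the process argument list while mysql runs. I would drop `-x` from the shebang and pass the password outside argv, e.g. `MYSQL_PWD="$MYSQL_PASSWORD" mysql -u "$MYSQL_USER" -h "$MYSQL_HOST" "$MYSQL_DATABASE" -e 'desc cm_users'`. The `cake setup` line carries the placeholders `ADMIN_NAME`, `ADMIN_FAMILY` and `ADMIN_USERNAME`, while configure_php.sh in this commit substitutes `ADMIN_GIVEN_NAME`, `ADMIN_FAMILY_NAME` and `ADMIN_EPPN`, so as written none of them is replaced. Reading the three environment variables here with quoted expansions would remove the need to rewrite the script at all. Note also that any mysql failure, not only a missing `cm_users` table, takes the `cake setup --force` branch.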
diff --git a/container_files/bin/configure_shibd.sh b/container_files/bin/configure_shibd.sh
new file mode 100755
index 0000000..392c8e0
--- /dev/null
+++ b/container_files/bin/configure_shibd.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+# Licensed to the University Corporation for Advanced Internet Development,
+# Inc. (UCAID) under one or more contributor license agreements.  See the
+# NOTICE file distributed with this work for additional information regarding
+# copyright ownership. The UCAID licenses this file to You under the Apache
+# License, Version 2.0 (the "License"); you may not use this file except in
+# compliance with the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+log="/opt/log/shibd.log"
+date >> $log
+echo "Configuring shibd: " > $log
+if [[ $COMANAGE_SERVER_FQDN &&  ${COMANAGE_SERVER_FQDN-x} ]]; then
+  echo "Parsing COMANAGE_SERVER_FQDN to  $COMANAGE_SERVER_FQDN in /etc/opt/shibboleth/shibboleth2.xml" >> $log
+  sed -i "s|COMANAGE_SERVER_FQDN|$COMANAGE_SERVER_FQDN|g" /opt/etc/shibboleth/shibboleth2.xml
+  echo "shibboleth2.xml parsed" >> $log
+else
+  echo "Variable COMANAGE_SERVER_FQDN not found" >> $log
+fi
+echo "Shibboleth xml parsing finish" >> $log
+date >> $log
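Review bot: `COMANAGE_SERVER_FQDN` is pasted unvalidated into the sed replacement on the `sed -i` line, so a value containing `|`, `&` or `\` changes or breaks the substitution, and whatever it produces becomes the SP's `entityID` and discovery URL in shibboleth2.xml. A guard before the sed keeps the file well-formed, e.g. `[[ $COMANAGE_SERVER_FQDN =~ ^[A-Za-z0-9.-]+$ ]] || { echo "invalid COMANAGE_SERVER_FQDN" >> "$log"; exit 1; }`. The sed exit status is not checked, so "shibboleth2.xml parsed" is logged even when the edit failed, and the log message names `/etc/opt/shibboleth/shibboleth2.xml` while the command edits `/opt/etc/shibboleth/shibboleth2.xml`. The `echo "Configuring shibd: " > $log` line also truncates the timestamp written just above it; `>>` looks intended.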
diff --git a/container_files/bin/main.sh b/container_files/bin/main.sh
new file mode 100755
index 0000000..845b2e0
--- /dev/null
+++ b/container_files/bin/main.sh
@@ -0,0 +1,34 @@
+#!/bin/bash -x
+# Licensed to the University Corporation for Advanced Internet Development,
+# Inc. (UCAID) under one or more contributor license agreements.  See the
+# NOTICE file distributed with this work for additional information regarding
+# copyright ownership. The UCAID licenses this file to You under the Apache
+# License, Version 2.0 (the "License"); you may not use this file except in
+# compliance with the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+log="/opt/log/start-main.log"
+
+echo "Starting Container: " > $log
+date >> $log
+echo "" >> $log
+
+if [ -e "/tmp/firsttimerunning" ]; then
+
+    set -e
+    
+    /opt/bin/configure.sh >> $log
+
+    /opt/bin/cleanup.sh >> $log
+ 
+else
+    echo "COmanage container has run." >> $log
+    echo "If there are problems, docker rm this container and try again." >> $log
+fi
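Review bot: Only stdout of `/opt/bin/configure.sh` and `/opt/bin/cleanup.sh` is appended to `$log`, so with `set -e` a failing step aborts the script and its error message never reaches start-main.log; `/opt/bin/configure.sh >> "$log" 2>&1` (and the same for cleanup.sh) keeps the failure next to the rest of the record. The first-run gate is a file in `/tmp`, which is normally world-writable, so any local process able to create `/tmp/firsttimerunning` would cause configuration to run again on the next start. A marker under a root-owned directory would be safer, assuming the code that creates it (not in this hunk) can be changed as well. The `-x` on the shebang looks like a debugging leftover and adds a command trace to the container output.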
diff --git a/container_files/bin/start.sh b/container_files/bin/start.sh
new file mode 100755
index 0000000..5dab793
--- /dev/null
+++ b/container_files/bin/start.sh
@@ -0,0 +1,61 @@
+#!/bin/bash
+# Licensed to the University Corporation for Advanced Internet Development,
+# Inc. (UCAID) under one or more contributor license agreements.  See the
+# NOTICE file distributed with this work for additional information regarding
+# copyright ownership. The UCAID licenses this file to You under the Apache
+# License, Version 2.0 (the "License"); you may not use this file except in
+# compliance with the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+log="/tmp/start-starting.log"
+date >> $log
+
+if [ -z ${COMPOSE+x} ]
+then
+  echo "Not composed so not waiting for MariaDB: " > $log
+  /opt/bin/main.sh
+  laststatus="$?"
+  echo "Not composed status: $laststatus"
+  if [ "$laststatus" != "0" ]; then
+      echo "Not composed non-zero exit status: $laststatus" >> $log
+      echo "Not composed non-zero exit status: $laststatus"
+      /opt/autoexec/bin/firstrun.sh
+      exit 1
+  else
+      echo "COmanage was configured" >>$log
+      echo "COmanage was configured"
+      echo "Starting apache and shibd" >>$log
+      echo "Starting apache shibd"
+      /opt/autoexec/bin/firstrun.sh
+      /usr/local/bin/httpd-shib-foreground 
+  fi
+else
+  echo "Composed so waiting for MariaDB: " > $log
+  date >> $log
+  echo "Testing connectivity to database before continue with install" >> $log
+  echo "Testing connectivity to database before continue with install"
+  /opt/wait-for-it/wait-for-it.sh $MYSQL_HOST:3306 -t $WAIT_TIME --strict -- /opt/bin/main.sh >> $log
+  laststatus="$?"
+  echo "main.sh last  status: $laststatus"
+  if [ "$laststatus" != "0" ]; then
+      echo "composed non-zero exit status: $laststatus" >> $log
+      echo "composed non-zero exit status: $laststatus"
+      /opt/autoexec/bin/firstrun.sh
+      exit 1
+  else
+      date >> $log
+      echo "COmanage was configured" >>$log
+      echo "COmanage was configured"
+      echo "Starting apache and shibd" >>$log
+      echo "Starting apache shibd"
+      /opt/autoexec/bin/firstrun.sh
+      /usr/local/bin/httpd-shib-foreground
+  fi
+fi
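Review bot: On the `wait-for-it.sh` line `$MYSQL_HOST` and `$WAIT_TIME` are unquoted and unchecked, so if `WAIT_TIME` is unset the word following `-t` becomes `--strict`, and the timeout and strict handling are presumably no longer what the line intends (wait-for-it.sh's option parser is not in this hunk). I would write `"${MYSQL_HOST:?}:3306" -t "${WAIT_TIME:-15}" --strict` so a missing host stops the start and the timeout has a default. The log is a fixed name in `/tmp`, and `echo ... > $log` in both branches truncates the `date` written just before it. The two branches are identical after the main.sh call and could share one block, and `exec /usr/local/bin/httpd-shib-foreground` would let the server receive the container's stop signal directly.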
diff --git a/container_files/etc/httpd/conf.d/handlers.conf b/container_files/etc/httpd/conf.d/handlers.conf
new file mode 100644
index 0000000..05d54f4
--- /dev/null
+++ b/container_files/etc/httpd/conf.d/handlers.conf
@@ -0,0 +1,18 @@
+# Licensed to the University Corporation for Advanced Internet Development,
+# Inc. (UCAID) under one or more contributor license agreements.  See the
+# NOTICE file distributed with this work for additional information regarding
+# copyright ownership. The UCAID licenses this file to You under the Apache
+# License, Version 2.0 (the "License"); you may not use this file except in
+# compliance with the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+AddType text/html .php
+php_value session.save_handler "files"
+php_value session.save_path    "/var/lib/php/session"
diff --git a/container_files/etc/httpd/conf.d/ports.conf b/container_files/etc/httpd/conf.d/ports.conf
new file mode 100644
index 0000000..c7e9070
--- /dev/null
+++ b/container_files/etc/httpd/conf.d/ports.conf
@@ -0,0 +1,17 @@
+# Licensed to the University Corporation for Advanced Internet Development,
+# Inc. (UCAID) under one or more contributor license agreements.  See the
+# NOTICE file distributed with this work for additional information regarding
+# copyright ownership. The UCAID licenses this file to You under the Apache
+# License, Version 2.0 (the "License"); you may not use this file except in
+# compliance with the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+Listen 80 http
+Listen 443 https
diff --git a/container_files/etc/httpd/conf.d/virtual_host_443.conf b/container_files/etc/httpd/conf.d/virtual_host_443.conf
new file mode 100644
index 0000000..528739c
--- /dev/null
+++ b/container_files/etc/httpd/conf.d/virtual_host_443.conf
@@ -0,0 +1,99 @@
+# Licensed to the University Corporation for Advanced Internet Development,
+# Inc. (UCAID) under one or more contributor license agreements.  See the
+# NOTICE file distributed with this work for additional information regarding
+# copyright ownership. The UCAID licenses this file to You under the Apache
+# License, Version 2.0 (the "License"); you may not use this file except in
+# compliance with the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+<VirtualHost _default_:443>
+ServerName https://COMANAGE_SERVER_FQDN:443
+UseCanonicalName On
+Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
+
+LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+LogFormat "%h %l %u %t \"%r\" %>s %b" common
+CustomLog logs/ssl_request_log  "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+ErrorLog logs/ssl_error_log
+TransferLog logs/ssl_access_log
+LogLevel warn
+
+SSLEngine on
+SSLProtocol all -SSLv2 -SSLv3
+SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
+SSLHonorCipherOrder on 
+SSLCompression off
+SSLCertificateFile /opt/httpd/ssl/CHANGE_TO_SSL_HTTPD_CERT
+SSLCertificateKeyFile /opt/httpd/ssl/CHANGE_TO_SSL_HTTPD_KEY
+
+# Optional parameter that will only be uncommented on initialization
+# if the file exists:
+#SSLCertificateChainFile CHANGE_TO_SSL_HTTPD_CHAIN
+
+BrowserMatch "MSIE [2-5]" \
+         nokeepalive ssl-unclean-shutdown \
+         downgrade-1.0 force-response-1.0
+
+
+<Directory />
+    AllowOverride none
+    Require all denied
+</Directory>
+
+DocumentRoot "/var/www/html"
+
+<Directory "/var/www">
+    AllowOverride None
+    Require all granted
+</Directory>
+
+<Directory "/var/www/html">
+    Options Indexes FollowSymLinks
+    AllowOverride None
+    Require all granted
+</Directory>
+
+<Directory "/var/www/html/registry">
+    Options Indexes FollowSymLinks MultiViews
+    DirectoryIndex index.php
+    AllowOverride All
+    Require all granted
+</Directory>
+
+ShibCompatValidUser Off
+<Location "/Shibboleth.sso">
+  AuthType None
+  Require all granted
+</Location>
+
+<Location "/shibboleth-sp">
+  AuthType None
+  Require all granted
+</Location>
+Alias /shibboleth-sp/main.css /usr/share/shibboleth/main.css
+
+<Directory "/var/www/html/registry/auth/login">
+  AuthType shibboleth
+  ShibRequestSetting requireSession 1
+  Require shib-session
+</Directory>
+
+Redirect "/registry/users/logout" "https://COMANAGE_SERVER_FQDN/Shibboleth.sso/Logout?return=https%3A//COMANAGE_SERVER_FQDN/registry/"
+
+<FilesMatch \.php$>
+    SetHandler application/x-httpd-php
+</FilesMatch>
+
+<Files ".ht*">
+    Require all denied
+</Files>
+
+</VirtualHost>   
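Review bot: `SSLProtocol all -SSLv2 -SSLv3` still accepts TLS 1.0 and 1.1; `SSLProtocol -all +TLSv1.2` (plus `+TLSv1.3` where the bundled httpd/OpenSSL supports it) restricts the listener to current protocol versions. `Options Indexes` on `/var/www/html` and `/var/www/html/registry` turns on directory listings for any directory without an index file, so I would drop `Indexes` from both `Options` lines. `AllowOverride All` on the registry directory lets `.htaccess` files in the application tree change access rules; a comment naming the overrides the application actually needs would help a later tightening.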
diff --git a/container_files/etc/httpd/conf.d/virtual_host_80.conf b/container_files/etc/httpd/conf.d/virtual_host_80.conf
new file mode 100644
index 0000000..4e29838
--- /dev/null
+++ b/container_files/etc/httpd/conf.d/virtual_host_80.conf
@@ -0,0 +1,20 @@
+# Licensed to the University Corporation for Advanced Internet Development,
+# Inc. (UCAID) under one or more contributor license agreements.  See the
+# NOTICE file distributed with this work for additional information regarding
+# copyright ownership. The UCAID licenses this file to You under the Apache
+# License, Version 2.0 (the "License"); you may not use this file except in
+# compliance with the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+<VirtualHost _default_:80>
+ServerName http://COMANAGE_SERVER_FQDN:80
+UseCanonicalName On
+RedirectMatch (.*) https://COMANAGE_SERVER_FQDN$1
+</VirtualHost>
diff --git a/container_files/etc/httpd/conf/httpd.conf b/container_files/etc/httpd/conf/httpd.conf
new file mode 100644
index 0000000..f6d8cf1
--- /dev/null
+++ b/container_files/etc/httpd/conf/httpd.conf
@@ -0,0 +1,12 @@
+ServerRoot "/etc/httpd"
+Include conf.modules.d/*.conf
+User apache
+Group apache
+ServerAdmin root@localhost
+AddDefaultCharset UTF-8
+TypesConfig /etc/mime.types
+AddType application/x-compress .Z
+AddType application/x-gzip .gz .tgz
+AddType text/html .shtml
+AddOutputFilter INCLUDES .shtml
+IncludeOptional conf.d/*.conf
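Review bot: The new global config sets neither `ServerTokens` nor `TraceEnable`, so httpd's defaults apply: the full version string in the `Server` header and the TRACE method enabled. Adding `ServerTokens Prod` and `TraceEnable off` here would cover both virtual hosts. The two `.shtml` lines (`AddType text/html .shtml`, `AddOutputFilter INCLUDES .shtml`) appear unused by a site that serves only the PHP application and could be removed.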
diff --git a/container_files/etc/php/EmailShell.php b/container_files/etc/php/EmailShell.php
new file mode 100644
index 0000000..0bb978d
--- /dev/null
+++ b/container_files/etc/php/EmailShell.php
@@ -0,0 +1,41 @@
+<?php
+/**
+ * COmanage SMTP email test shell
+ *
+ * Copyright (C) 2012 University Corporation for Advanced Internet Development, Inc.
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software distributed under
+ * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ *
+ * @copyright     Copyright (C) 2012 University Corporation for Advanced Internet Development, Inc.
+ * @link          http://www.internet2.edu/comanage COmanage Project
+ * @package       registry
+ * @since         COmanage Registry v0.7
+ * @license       Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * @version       $Id$
+ */
+
+App::uses('CakeEmail', 'Network/Email');
+
+class EmailShell extends AppShell {
+  function main()
+  {
+
+    $email = new CakeEmail('default');
+
+    $email->emailFormat('text')
+            ->to('skoranda@uwm.edu')
+            ->subject('test')
+            ->send('Hello');
+
+    $email->send();
+
+  }
+}
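Review bot: The test shell hard-codes a personal recipient address in `->to(...)`, so every run from any deployment of this image mails that person; the recipient should come from the command line, e.g. `->to($this->args[0])` after checking that an argument was given. The chained `->send('Hello')` already sends the message, so the following `$email->send();` attempts a second send and can be removed. `main()` has no docblock; one line saying it sends a single plain-text test message through the `default` email profile would be enough.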
diff --git a/container_files/etc/php/database.php b/container_files/etc/php/database.php
new file mode 100644
index 0000000..114d41e
--- /dev/null
+++ b/container_files/etc/php/database.php
@@ -0,0 +1,83 @@
+<?php
+/**
+ * This is core configuration file.
+ *
+ * Use it to configure core behaviour of Cake.
+ *
+ * PHP 5
+ *
+ * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
+ * Copyright 2005-2011, Cake Software Foundation, Inc. (http://cakefoundation.org)
+ *
+ * Licensed under The MIT License
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright 2005-2011, Cake Software Foundation, Inc. (http://cakefoundation.org)
+ * @link          http://cakephp.org CakePHP(tm) Project
+ * @package       app.Config
+ * @since         CakePHP(tm) v 0.2.9
+ * @license       MIT License (http://www.opensource.org/licenses/mit-license.php)
+ */
+/**
+ * In this file you set up your database connection details.
+ *
+ * @package       cake.config
+ */
+/**
+ * Database configuration class.
+ * You can specify multiple configurations for production, development and testing.
+ *
+ * datasource => The name of a supported datasource; valid options are as follows:
+ *      Database/Mysql      - MySQL 4 & 5,
+ *      Database/Sqlite     - SQLite (PHP5 only),
+ *      Database/Postgres   - PostgreSQL 7 and higher,
+ *      Database/Sqlserver  - Microsoft SQL Server 2005 and higher
+ *
+ * You can add custom database datasources (or override existing datasources) by adding the
+ * appropriate file to app/Model/Datasource/Database.  Datasources should be named 'MyDatasource.php',
+ *
+ *
+ * persistent => true / false
+ * Determines whether or not the database should use a persistent connection
+ *
+ * host =>
+ * the host you connect to the database. To add a socket or port number, use 'port' => #
+ *
+ * prefix =>
+ * Uses the given prefix for all the tables in this database.  This setting can be overridden
+ * on a per-table basis with the Model::$tablePrefix property.
+ *
+ * schema =>
+ * For Postgres specifies which schema you would like to use the tables in. Postgres defaults to 'public'.
+ *
+ * encoding =>
+ * For MySQL, Postgres specifies the character encoding to use when connecting to the
+ * database. Uses database default not specified.
+ *
+ * unix_socket =>
+ * For MySQL to connect via socket specify the `unix_socket` parameter instead of `host` and `port`
+ */
+class DATABASE_CONFIG {
+
+    public $default = array(
+        'datasource' => 'Database/Mysql',
+        'persistent' => false,
+        'host' => 'CHANGE_TO_ENV_MYSQL_HOST',
+        'login' => 'CHANGE_TO_ENV_MYSQL_USERNAME',
+        'password' => 'CHANGE_TO_ENV_MYSQL_PASSWORD',
+        'database' => 'CHANGE_TO_ENV_MYSQL_TABLE',
+        'prefix' => 'cm_',
+        //'encoding' => 'utf8',
+    );
+
+    public $test = array(
+        'datasource' => 'Database/Mysql',
+        'persistent' => false,
+        'host' => 'CHANGE_TO_ENV_MYSQL_HOST',
+        'login' => 'CHANGE_TO_ENV_MYSQL_USERNAME',
+        'password' => 'CHANGE_TO_ENV_MYSQL_PASSWORD',
+        'database' => 'CHANGE_TO_ENV_MYSQL_TABLE',
+        'prefix' => 'cm_',
+        //'encoding' => 'utf8',
+    );
+}
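Review bot: `$test` is filled from the same `CHANGE_TO_ENV_MYSQL_*` placeholders as `$default`, so after substitution any Cake test run would use the live database and account; either leave `$test` out of the image or give it its own placeholders. The values land inside single-quoted PHP literals, presumably through a textual replace in a script outside this hunk, so a password containing `'` or `\` would break the file or alter the code unless that script escapes them. I would add above `$default`: `// CHANGE_TO_ENV_* values are replaced textually at container start; the replacing script must escape ' and \`.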
diff --git a/container_files/etc/php/email.php b/container_files/etc/php/email.php
new file mode 100644
index 0000000..9260909
--- /dev/null
+++ b/container_files/etc/php/email.php
@@ -0,0 +1,101 @@
+<?php
+/**
+ * This is email configuration file.
+ *
+ * Use it to configure email transports of Cake.
+ *
+ * PHP 5
+ *
+ * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
+ * Copyright 2005-2011, Cake Software Foundation, Inc. (http://cakefoundation.org)
+ *
+ * Licensed under The MIT License
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright 2005-2011, Cake Software Foundation, Inc. (http://cakefoundation.org)
+ * @link          http://cakephp.org CakePHP(tm) Project
+ * @package       app.Config
+ * @since         CakePHP(tm) v 2.0.0
+ * @license       MIT License (http://www.opensource.org/licenses/mit-license.php)
+ */
+/**
+ * In this file you set up your send email details.
+ *
+ * @package       cake.config
+ */
+/**
+ * Email configuration class.
+ * You can specify multiple configurations for production, development and testing.
+ *
+ * transport => The name of a supported transport; valid options are as follows:
+ *      Mail        - Send using PHP mail function
+ *      Smtp        - Send using SMTP
+ *      Debug       - Do not send the email, just return the result
+ *
+ * You can add custom transports (or override existing transports) by adding the
+ * appropriate file to app/Network/Email.  Transports should be named 'YourTransport.php',
+ * where 'Your' is the name of the transport.
+ *
+ * from =>
+ * The origin email. See CakeEmail::from() about the valid values
+ *
+ */
+class EmailConfig {
+
+    public $default = array(
+        'transport' => 'Smtp',
+        'from' => 'CHANGE_TO_COMANAGE_MAIL_FROM',
+        'host' => 'CHANGE_TO_COMANAGE_MAIL_HOST',
+        'port' => CHANGE_TO_COMANAGE_MAIL_PORT,
+        'username' => 'CHANGE_TO_COMANAGE_MAIL_USER',
+        'password' => 'CHANGE_TO_COMANAGE_MAIL_PASS'
+        //'charset' => 'utf-8',
+        //'headerCharset' => 'utf-8',
+    );
+
+    public $smtp = array(
+      'transport' => 'Smtp',
+      'from' => array('site@localhost' => 'My Site'),
+      'host' => 'localhost',
+      'port' => 25,
+      'timeout' => 30,
+      'username' => 'user',
+      'password' => 'secret',
+      'client' => null,
+      'log' => false
+      //'charset' => 'utf-8',
+      //'headerCharset' => 'utf-8',
+    );
+
+    public $fast = array(
+        'from' => 'you@localhost',
+        'sender' => null,
+        'to' => null,
+        'cc' => null,
+        'bcc' => null,
+        'replyTo' => null,
+        'readReceipt' => null,
+        'returnPath' => null,
+        'messageId' => true,
+        'subject' => null,
+        'message' => null,
+        'headers' => null,
+        'viewRender' => null,
+        'template' => false,
+        'layout' => false,
+        'viewVars' => null,
+        'attachments' => null,
+        'emailFormat' => null,
+        'transport' => 'Smtp',
+        'host' => 'localhost',
+        'port' => 25,
+        'timeout' => 30,
+        'username' => 'user',
+        'password' => 'secret',
+        'client' => null,
+        'log' => true,
+        //'charset' => 'utf-8',
+        //'headerCharset' => 'utf-8',
+    );
+
+}
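Review bot: `'port' => CHANGE_TO_COMANAGE_MAIL_PORT,` is the only placeholder outside quotes, so whatever text is substituted there is parsed as PHP code rather than data; `'port' => (int) 'CHANGE_TO_COMANAGE_MAIL_PORT',` keeps it a value. `$default` authenticates with `username`/`password` but sets no transport security, so depending on the mail host the credentials may cross the network in clear. CakePHP's SMTP transport has a `'tls' => true` option in later 2.x releases, which is worth confirming against the bundled version. The `$smtp` and `$fast` arrays are the framework's sample profiles with dummy credentials and could be left out of the shipped config.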
diff --git a/container_files/etc/shibboleth/attribute-map.xml b/container_files/etc/shibboleth/attribute-map.xml
new file mode 100644
index 0000000..ea6fb45
--- /dev/null
+++ b/container_files/etc/shibboleth/attribute-map.xml
@@ -0,0 +1,49 @@
+<!-- 
+* Licensed to the University Corporation for Advanced Internet Development,
+ * Inc. (UCAID) under one or more contributor license agreements.  See the
+ * NOTICE file distributed with this work for additional information regarding
+* copyright ownership. The UCAID licenses this file to You under the Apache
+ * License, Version 2.0 (the "License"); you may not use this file except in
+ * compliance with the License.  You may obtain a copy of the License at
+*
+*    http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+-->
+
+<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+
+    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" id="eppn">
+        <AttributeDecoder xsi:type="ScopedAttributeDecoder"/>
+    </Attribute>
+    
+    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" id="affiliation">
+        <AttributeDecoder xsi:type="ScopedAttributeDecoder" caseSensitive="false"/>
+    </Attribute>
+    
+    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" id="unscoped-affiliation">
+        <AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/>
+    </Attribute>
+    
+    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" id="entitlement"/>
+
+    <Attribute name="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" id="persistent-id">
+        <AttributeDecoder xsi:type="NameIDAttributeDecoder" formatter="$NameQualifier!$SPNameQualifier!$Name" defaultQualifiers="true"/>
+    </Attribute>
+    
+    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.5" id="primary-affiliation">
+        <AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/>
+    </Attribute>
+    
+    <Attribute name="urn:oid:2.5.4.4" id="sn"/>
+    <Attribute name="urn:oid:2.5.4.42" id="givenName"/>
+    <Attribute name="urn:oid:2.16.840.1.113730.3.1.241" id="displayName"/>
+    <Attribute name="urn:oid:0.9.2342.19200300.100.1.1" id="uid"/>
+    <Attribute name="urn:oid:0.9.2342.19200300.100.1.3" id="mail"/>
+    <Attribute name="urn:oid:2.16.840.1.113730.3.1.3" id="employeeNumber"/>
+
+</Attributes>
diff --git a/container_files/etc/shibboleth/inc-md-cert.pem b/container_files/etc/shibboleth/inc-md-cert.pem
new file mode 100644
index 0000000..5ec4ec6
--- /dev/null
+++ b/container_files/etc/shibboleth/inc-md-cert.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/container_files/etc/shibboleth/shibboleth2.xml b/container_files/etc/shibboleth/shibboleth2.xml
new file mode 100644
index 0000000..7508e90
--- /dev/null
+++ b/container_files/etc/shibboleth/shibboleth2.xml
@@ -0,0 +1,72 @@
+<!-- 
+* Licensed to the University Corporation for Advanced Internet Development,
+ * Inc. (UCAID) under one or more contributor license agreements.  See the
+ * NOTICE file distributed with this work for additional information regarding
+* copyright ownership. The UCAID licenses this file to You under the Apache
+ * License, Version 2.0 (the "License"); you may not use this file except in
+ * compliance with the License.  You may obtain a copy of the License at
+*
+*    http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+-->
+<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config"
+    xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config"
+    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"    
+    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+    clockSkew="180">
+
+    <ApplicationDefaults entityID="https://COMANAGE_SERVER_FQDN/shibboleth"
+                         REMOTE_USER="eppn persistent-id targeted-id">
+
+        <Sessions lifetime="28800" timeout="3600" relayState="ss:mem"
+                  checkAddress="false" handlerSSL="true" cookieProps="https">
+
+            <SSO discoveryProtocol="SAMLDS" discoveryURL="https://COMANAGE_SERVER_FQDN/registry/pages/eds/index">
+              SAML2
+            </SSO>
+
+            <Logout>SAML2 Local</Logout>
+            
+            <Handler type="MetadataGenerator" Location="/Metadata" signing="false"/>
+            <Handler type="Status" Location="/Status" acl="127.0.0.1 ::1"/>
+
+            <Handler type="Session" Location="/Session" showAttributeValues="false"/>
+
+            <Handler type="DiscoveryFeed" Location="/DiscoFeed"/>
+        </Sessions>
+
+        <Errors supportContact="root@localhost"
+            helpLocation="/about.html"
+            styleSheet="/shibboleth-sp/main.css"/>
+
+        <MetadataProvider type="XML" url="http://md.incommon.org/InCommon/InCommon-metadata.xml" backingFilePath="InCommon-metadata.xml" maxRefreshDelay="28800" legacyOrgNames="true">
+          <MetadataFilter type="Signature" certificate="/etc/shibboleth/inc-md-cert.pem"/>
+          <MetadataFilter type="RequireValidUntil" maxValidityInterval="2419200" />
+          <MetadataFilter type="Blacklist" matcher="EntityAttributes">
+            <saml:Attribute Name="http://macedir.org/entity-category" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+              <saml:AttributeValue>http://refeds.org/category/hide-from-discovery</saml:AttributeValue>
+            </saml:Attribute>
+          </MetadataFilter>
+        </MetadataProvider>
+
+        <AttributeExtractor type="XML" validate="true" reloadChanges="false" path="attribute-map.xml"/>
+        
+        <AttributeResolver type="Query" subjectMatch="true"/>
+
+        <AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/>
+
+        <CredentialResolver type="File" key="/opt/shibboleth/ssl/sp-key.pem" certificate="/opt/shibboleth/ssl/sp-cert.pem"/>
+
+    </ApplicationDefaults>
+    
+    <SecurityPolicyProvider type="XML" validate="true" path="security-policy.xml"/>
+
+    <ProtocolProvider type="XML" validate="true" reloadChanges="false" path="protocols.xml"/>
+
+</SPConfig>
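Review bot: The InCommon metadata is fetched over plain `http://`, so the `Signature` filter is the only thing protecting it, and that filter names `/etc/shibboleth/inc-md-cert.pem` while the credentials use `/opt/shibboleth/ssl/` and configure_shibd.sh edits `/opt/etc/shibboleth/shibboleth2.xml`. It is worth confirming that the certificate is installed at the path given, and using an `https://` URL if the federation offers one. `REMOTE_USER` lists `targeted-id`, but attribute-map.xml in this commit defines no attribute with that id, so that fallback never matches. The `/Session` handler has no `acl`, unlike `/Status`; with `showAttributeValues="false"` the exposure is limited, but restricting it the same way costs nothing in production.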
diff --git a/container_files/etc/shibboleth/shibboleth_keygen.sh b/container_files/etc/shibboleth/shibboleth_keygen.sh
new file mode 100755
index 0000000..bccf866
--- /dev/null
+++ b/container_files/etc/shibboleth/shibboleth_keygen.sh
@@ -0,0 +1,89 @@
+#! /bin/sh
+# Licensed to the University Corporation for Advanced Internet Development,
+# Inc. (UCAID) under one or more contributor license agreements.  See the
+# NOTICE file distributed with this work for additional information regarding
+# copyright ownership. The UCAID licenses this file to You under the Apache
+# License, Version 2.0 (the "License"); you may not use this file except in
+# compliance with the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+while getopts h:u:g:o:e:y:bf c
+     do
+         case $c in
+           o)         OUT=$OPTARG;;
+           b)         BATCH=1;;
+           f)         FORCE=1;;
+           h)         FQDN=$OPTARG;;
+           e)         ENTITYID=$OPTARG;;
+           y)         YEARS=$OPTARG;;
+           \?)        echo "shibboleth_keygen [-o output directory (default .)] [-h hostname for cert] [-y years to issue cert] [-e entityID to embed in cert]"
+                      exit 1;;
+         esac
+     done
+if [ -z "$OUT" ] ; then
+    OUT=.
+fi
+
+if [ -n "$FORCE" ] ; then
+    rm $OUT/sp-key.pem $OUT/sp-cert.pem
+fi
+
+if  [ -s $OUT/sp-key.pem -o -s $OUT/sp-cert.pem ] ; then
+    if [ -z "$BATCH" ] ; then  
+        echo The files $OUT/sp-key.pem and/or $OUT/sp-cert.pem already exist!
+        echo Use -f option to force recreation of keypair.
+        exit 2
+    fi
+    exit 0
+fi
+
+if [ -z "$FQDN" ] ; then
+    FQDN=`hostname --fqdn`
+fi
+
+if [ -z "$YEARS" ] ; then
+    YEARS=10
+fi
+
+DAYS=`expr $YEARS \* 365`
+
+if [ -z "$ENTITYID" ] ; then
+    ALTNAME=DNS:$FQDN
+else
+    ALTNAME=DNS:$FQDN,URI:$ENTITYID
+fi
+
+SSLCNF=$OUT/sp-cert.cnf
+cat >$SSLCNF <<EOF
+# OpenSSL configuration file for creating sp-cert.pem
+[req]
+prompt=no
+default_bits=2048
+encrypt_key=no
+default_md=sha1
+distinguished_name=dn
+# PrintableStrings only
+string_mask=MASK:0002
+x509_extensions=ext
+[dn]
+CN=$FQDN
+[ext]
+subjectAltName=$ALTNAME
+subjectKeyIdentifier=hash
+EOF
+
+touch $OUT/sp-key.pem
+chmod 600 $OUT/sp-key.pem
+if [ -z "$BATCH" ] ; then
+    openssl req -config $SSLCNF -new -x509 -days $DAYS -keyout $OUT/sp-key.pem -out $OUT/sp-cert.pem
+else
+    openssl req -config $SSLCNF -new -x509 -days $DAYS -keyout $OUT/sp-key.pem -out $OUT/sp-cert.pem 2> /dev/null
+fi
+rm $SSLCNF
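Review bot: The generated OpenSSL config sets `default_md=sha1`, so the SP certificate is self-signed with SHA-1; `default_md=sha256` is a one-word change. `$OUT` and `$SSLCNF` are unquoted throughout, so an output directory containing spaces breaks the `rm`, `touch`, `chmod` and `openssl` lines, and with `-f` the `rm` prints an error when the files are absent (`rm -f -- "$OUT/sp-key.pem" "$OUT/sp-cert.pem"`). The getopts string accepts `-u` and `-g`, but the `case` has no arm for them, so they are silently ignored.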
diff --git a/container_files/wait-for-it/LICENSE b/container_files/wait-for-it/LICENSE
new file mode 100644
index 0000000..bd18d0c
--- /dev/null
+++ b/container_files/wait-for-it/LICENSE
@@ -0,0 +1,20 @@
+The MIT License (MIT)
+Copyright (c) 2016 Giles Hall
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/container_files/wait-for-it/README.md b/container_files/wait-for-it/README.md
new file mode 100644
index 0000000..3a65c3d
--- /dev/null
+++ b/container_files/wait-for-it/README.md
@@ -0,0 +1,59 @@
+`wait-for-it.sh` is a pure bash script that will wait on the availability of a host and TCP port.  It is useful for synchronizing the spin-up of interdependent services, such as linked docker containers.  Since it is a pure bash script, it does not have any external dependencies.
+
+## Usage
+
+```
+wait-for-it.sh host:port [-s] [-t timeout] [-- command args]
+-h HOST | --host=HOST       Host or IP under test
+-p PORT | --port=PORT       TCP port under test
+                            Alternatively, you specify the host and port as host:port
+-s | --strict               Only execute subcommand if the test succeeds
+-q | --quiet                Don't output any status messages
+-t TIMEOUT | --timeout=TIMEOUT
+                            Timeout in seconds, zero for no timeout
+-- COMMAND ARGS             Execute command with args after the test finishes
+```
+
+## Examples
+
+For example, let's test to see if we can access port 80 on www.google.com, and if it is available, echo the message `google is up`.
+
+```
+$ ./wait-for-it.sh www.google.com:80 -- echo "google is up"
+wait-for-it.sh: waiting 15 seconds for www.google.com:80
+wait-for-it.sh: www.google.com:80 is available after 0 seconds
+google is up
+```
+
+You can set your own timeout with the `-t` or `--timeout=` option.  Setting the timeout value to 0 will disable the timeout:
+
+```
+$ ./wait-for-it.sh -t 0 www.google.com:80 -- echo "google is up"
+wait-for-it.sh: waiting for www.google.com:80 without a timeout
+wait-for-it.sh: www.google.com:80 is available after 0 seconds
+google is up
+```
+
+The subcommand will be executed regardless if the service is up or not.  If you wish to execute the subcommand only if the service is up, add the `--strict` argument. In this example, we will test port 81 on www.google.com which will fail:
+
+```
+$ ./wait-for-it.sh www.google.com:81 --timeout=1 --strict -- echo "google is up"
+wait-for-it.sh: waiting 1 seconds for www.google.com:81
+wait-for-it.sh: timeout occurred after waiting 1 seconds for www.google.com:81
+wait-for-it.sh: strict mode, refusing to execute subprocess
+```
+
+If you don't want to execute a subcommand, leave off the `--` argument.  This way, you can test the exit condition of `wait-for-it.sh` in your own scripts, and determine how to proceed:
+
+```
+$ ./wait-for-it.sh www.google.com:80
+wait-for-it.sh: waiting 15 seconds for www.google.com:80
+wait-for-it.sh: www.google.com:80 is available after 0 seconds
+$ echo $?
+0
+$ ./wait-for-it.sh www.google.com:81
+wait-for-it.sh: waiting 15 seconds for www.google.com:81
+wait-for-it.sh: timeout occurred after waiting 15 seconds for www.google.com:81
+$ echo $?
+124
+```
diff --git a/container_files/wait-for-it/wait-for-it.sh b/container_files/wait-for-it/wait-for-it.sh
new file mode 100755
index 0000000..eca6c3b
--- /dev/null
+++ b/container_files/wait-for-it/wait-for-it.sh
@@ -0,0 +1,161 @@
+#!/usr/bin/env bash
+#   Use this script to test if a given TCP host/port are available
+
+cmdname=$(basename $0)
+
+echoerr() { if [[ $QUIET -ne 1 ]]; then echo "$@" 1>&2; fi }
+
+usage()
+{
+    cat << USAGE >&2
+Usage:
+    $cmdname host:port [-s] [-t timeout] [-- command args]
+    -h HOST | --host=HOST       Host or IP under test
+    -p PORT | --port=PORT       TCP port under test
+                                Alternatively, you specify the host and port as host:port
+    -s | --strict               Only execute subcommand if the test succeeds
+    -q | --quiet                Don't output any status messages
+    -t TIMEOUT | --timeout=TIMEOUT
+                                Timeout in seconds, zero for no timeout
+    -- COMMAND ARGS             Execute command with args after the test finishes
+USAGE
+    exit 1
+}
+
+wait_for()
+{
+    if [[ $TIMEOUT -gt 0 ]]; then
+        echoerr "$cmdname: waiting $TIMEOUT seconds for $HOST:$PORT"
+    else
+        echoerr "$cmdname: waiting for $HOST:$PORT without a timeout"
+    fi
+    start_ts=$(date +%s)
+    while :
+    do
+        (echo > /dev/tcp/$HOST/$PORT) >/dev/null 2>&1
+        result=$?
+        if [[ $result -eq 0 ]]; then
+            end_ts=$(date +%s)
+            echoerr "$cmdname: $HOST:$PORT is available after $((end_ts - start_ts)) seconds"
+            break
+        fi
+        sleep 1
+    done
+    return $result
+}
+
+wait_for_wrapper()
+{
+    # In order to support SIGINT during timeout: http://unix.stackexchange.com/a/57692
+    if [[ $QUIET -eq 1 ]]; then
+        timeout $TIMEOUT $0 --quiet --child --host=$HOST --port=$PORT --timeout=$TIMEOUT &
+    else
+        timeout $TIMEOUT $0 --child --host=$HOST --port=$PORT --timeout=$TIMEOUT &
+    fi
+    PID=$!
+    trap "kill -INT -$PID" INT
+    wait $PID
+    RESULT=$?
+    if [[ $RESULT -ne 0 ]]; then
+        echoerr "$cmdname: timeout occurred after waiting $TIMEOUT seconds for $HOST:$PORT"
+    fi
+    return $RESULT
+}
+
+# process arguments
+while [[ $# -gt 0 ]]
+do
+    case "$1" in
+        *:* )
+        hostport=(${1//:/ })
+        HOST=${hostport[0]}
+        PORT=${hostport[1]}
+        shift 1
+        ;;
+        --child)
+        CHILD=1
+        shift 1
+        ;;
+        -q | --quiet)
+        QUIET=1
+        shift 1
+        ;;
+        -s | --strict)
+        STRICT=1
+        shift 1
+        ;;
+        -h)
+        HOST="$2"
+        if [[ $HOST == "" ]]; then break; fi
+        shift 2
+        ;;
+        --host=*)
+        HOST="${1#*=}"
+        shift 1
+        ;;
+        -p)
+        PORT="$2"
+        if [[ $PORT == "" ]]; then break; fi
+        shift 2
+        ;;
+        --port=*)
+        PORT="${1#*=}"
+        shift 1
+        ;;
+        -t)
+        TIMEOUT="$2"
+        if [[ $TIMEOUT == "" ]]; then break; fi
+        shift 2
+        ;;
+        --timeout=*)
+        TIMEOUT="${1#*=}"
+        shift 1
+        ;;
+        --)
+        shift
+        CLI="$@"
+        break
+        ;;
+        --help)
+        usage
+        ;;
+        *)
+        echoerr "Unknown argument: $1"
+        usage
+        ;;
+    esac
+done
+
+if [[ "$HOST" == "" || "$PORT" == "" ]]; then
+    echoerr "Error: you need to provide a host and port to test."
+    usage
+fi
+
+TIMEOUT=${TIMEOUT:-15}
+STRICT=${STRICT:-0}
+CHILD=${CHILD:-0}
+QUIET=${QUIET:-0}
+
+if [[ $CHILD -gt 0 ]]; then
+    wait_for
+    RESULT=$?
+    exit $RESULT
+else
+    if [[ $TIMEOUT -gt 0 ]]; then
+        wait_for_wrapper
+        RESULT=$?
+    else
+        wait_for
+        RESULT=$?
+    fi
+fi
+
+if [[ $CLI != "" ]]; then
+    if [[ $RESULT -ne 0 && $STRICT -eq 1 ]]; then
+        echoerr "$cmdname: strict mode, refusing to execute subprocess"
+        exit $RESULT
+    fi
+    exec $CLI
+else
+    exit $RESULT
+fi
diff --git a/docker-comanage-entrypoint b/docker-comanage-entrypoint
deleted file mode 100755
index 6191e13..0000000
--- a/docker-comanage-entrypoint
+++ /dev/null
@@ -1,350 +0,0 @@
-#!/bin/bash
-
-# COmanage Registry Dockerfile entrypoint
-#
-# Portions licensed to the University Corporation for Advanced Internet
-# Development, Inc. ("UCAID") under one or more contributor license agreements.
-# See the NOTICE file distributed with this work for additional information
-# regarding copyright ownership.
-#
-# UCAID licenses this file to you under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with the
-# License. You may obtain a copy of the License at:
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-if [ -n "$COMANAGE_DEBUG" ]
-then
-    OUTPUT=/dev/stdout
-else
-    OUTPUT=/dev/null
-fi
-
-# Configuration details that may be injected through environment
-# variables or the contents of files.
-
-injectable_config_vars=( 
-    COMANAGE_REGISTRY_DATASOURCE
-    COMANAGE_REGISTRY_DATABASE
-    COMANAGE_REGISTRY_DATABASE_HOST
-    COMANAGE_REGISTRY_DATABASE_USER
-    COMANAGE_REGISTRY_DATABASE_USER_PASSWORD
-    COMANAGE_REGISTRY_EMAIL_FROM
-    COMANAGE_REGISTRY_EMAIL_TRANSPORT
-    COMANAGE_REGISTRY_EMAIL_HOST
-    COMANAGE_REGISTRY_EMAIL_PORT
-    COMANAGE_REGISTRY_EMAIL_ACCOUNT
-    COMANAGE_REGISTRY_EMAIL_ACCOUNT_PASSWORD
-    COMANAGE_REGISTRY_SECURITY_SALT
-    COMANAGE_REGISTRY_SECURITY_SEED
-    ENV
-    HTTPS_CERT_FILE
-    HTTPS_PRIVKEY_FILE
-    SERVER_NAME
-    USERTOKEN
-)
-
-# If the file associated with a configuration variable is present then 
-# read the value from it into the appropriate variable. So for example
-# if the variable COMANAGE_REGISTRY_DATASOURCE_FILE exists and its
-# value points to a file on the file system then read the contents
-# of that file into the variable COMANAGE_REGISTRY_DATASOURCE.
-
-for config_var in "${injectable_config_vars[@]}"
-do
-    eval file_name=\$"${config_var}_FILE";
-
-    if [ -e "$file_name" ]; then
-        declare "${config_var}"=`cat $file_name`
-    fi
-done
-
-# Make sure the directory structure we need is available
-# in the data volume for $COMANAGE_REGISTRY_DIR/local
-mkdir -p "$COMANAGE_REGISTRY_DIR/local/Config"
-mkdir -p "$COMANAGE_REGISTRY_DIR/local/Plugin"
-mkdir -p "$COMANAGE_REGISTRY_DIR/local/View/Pages/public"
-mkdir -p "$COMANAGE_REGISTRY_DIR/local/webroot/img"
-
-# If the COmanage Registry database configuration file does not exist
-# then try to create it from injected information with reasonable defaults
-# that aid simple evaluation deployments.
-if [ ! -e "$COMANAGE_REGISTRY_DIR/local/Config/database.php" ]; then
-    cat > "$COMANAGE_REGISTRY_DIR/local/Config/database.php" <<EOF
-<?php
-
-class DATABASE_CONFIG {
-
-  public \$default = array(
-    'datasource' => '${COMANAGE_REGISTRY_DATASOURCE:-Database/Mysql}',
-    'persistent' => false,
-    'host' => '${COMANAGE_REGISTRY_DATABASE_HOST:-comanage-registry-database}',
-    'login' => '${COMANAGE_REGISTRY_DATABASE_USER:-registry_user}',
-    'password' => '${COMANAGE_REGISTRY_DATABASE_USER_PASSWORD:-password}',
-    'database' => '${COMANAGE_REGISTRY_DATABASE:-registry}',
-    'prefix' => 'cm_',
-  );
-
-}
-EOF
-fi
-
-# If the COmanage Registry email configuration file does not exist
-# then try to create it from injected information with reasonable defaults
-# that aid simple evaluation deployments.
-email_config="$COMANAGE_REGISTRY_DIR/local/Config/email.php"
-
-if [ ! -e "$email_config" ]; then
-    # If the deployer has injected an email for from then use it,
-    # otherwise set a default purely as a template that can edited
-    # easier later.
-    if [ -n "$COMANAGE_REGISTRY_EMAIL_FROM" ]; then
-        email_from="$COMANAGE_REGISTRY_EMAIL_FROM"
-    else
-        email_from="array('account@gmail.com' => 'Registry')"
-    fi
-
-    # If the injected email from does not include a single quote (')
-    # then add them to make it a PHP string.
-    if [[ ! $email_from =~ .*"'".* ]]; then
-        email_from="'$email_from'"
-    fi
-
-    cat > "$email_config" <<EOF
-<?php
-
-class EmailConfig {
-
-  public \$default = array(
-    'from' => $email_from,
-    'transport' => '${COMANAGE_REGISTRY_EMAIL_TRANSPORT:-Smtp}',
-    'host' => '${COMANAGE_REGISTRY_EMAIL_HOST:-tls://smtp.gmail.com}',
-    'port' => ${COMANAGE_REGISTRY_EMAIL_PORT:-465},
-EOF
-
-    # If the deployer has injected a username then add it to the configuration.
-    if [ -n "$COMANAGE_REGISTRY_EMAIL_ACCOUNT" ]; then
-       cat >> "$email_config" <<EOF
-    'username' => '$COMANAGE_REGISTRY_EMAIL_ACCOUNT',
-EOF
-    fi
-
-    # If the deployer has injected a password then add it to the configuration.
-    if [ -n "$COMANAGE_REGISTRY_EMAIL_ACCOUNT_PASSWORD" ]; then
-        cat >> "$email_config" <<EOF
-    'password' => '$COMANAGE_REGISTRY_EMAIL_ACCOUNT_PASSWORD',
-EOF
-    fi
-
-    # Complete the PHP array.
-    cat >> "$email_config" <<EOF
-  );
-}
-EOF
-
-fi
-
-# Loop until we are able to open a connection to the database.
-DATABASE_TEST_SCRIPT="$COMANAGE_REGISTRY_DIR/app/Console/Command/DatabaseTestShell.php"
-
-cat > $DATABASE_TEST_SCRIPT <<"EOF"
-<?php
-
-App::import('Model', 'ConnectionManager');
-
-class DatabaseTestShell extends AppShell {
-  function main() {
-    try {
-      $db = ConnectionManager::getDataSource('default');
-    } catch (Exception $e) {
-      $this->error("Unable to connect to datasource");
-    }
-    $this->out("Connected to datasource");
-  }
-}
-EOF
-
-pushd "$COMANAGE_REGISTRY_DIR/app" > "$OUTPUT" 2>&1
-
-until ./Console/cake databaseTest > "$OUTPUT" 2>&1; do
-    >&2 echo "Database is unavailable - sleeping"
-    sleep 1
-done
-
-rm -f "$DATABASE_TEST_SCRIPT"
-
-popd > "$OUTPUT" 2>&1
-
-# We only want to run the setup script once since it creates
-# state in the database. Until COmanage Registry has a better
-# mechanism for telling us if setup has already been run
-# we create an ephemeral CakePHP script to tell us.
-SETUP_ALREADY_SCRIPT="$COMANAGE_REGISTRY_DIR/app/Console/Command/SetupAlreadyShell.php"
-
-cat > $SETUP_ALREADY_SCRIPT <<"EOF"
-<?php
-
-class SetupAlreadyShell extends AppShell {
-  var $uses = array('Co');
-
-  function main() {
-    $args = array();
-    $args['conditions']['Co.name'] = 'COmanage';
-    $args['contain'] = false;
-
-    try {
-      $co = $this->Co->find('first', $args);
-    } catch (CakeException $e) {
-      $this->out('Not setup already');
-    }
-
-    if(empty($co)) {
-      $this->out('Not setup already');
-    } else {
-      $this->error('Setup already');
-    }
-  }
-}
-EOF
-
-pushd "$COMANAGE_REGISTRY_DIR/app" > "$OUTPUT" 2>&1
-./Console/cake setupAlready > "$OUTPUT" 2>&1
-setup_already=$?
-
-rm -f "$SETUP_ALREADY_SCRIPT"
-
-if [ $setup_already -eq 0 ]; then
-    rm -f "$COMANAGE_REGISTRY_DIR/local/Config/security.salt" > "$OUTPUT" 2>&1
-    rm -f "$COMANAGE_REGISTRY_DIR/local/Config/security.seed" > "$OUTPUT" 2>&1
-    # Run database twice until issue on develop branch is resolved. Since
-    # the command is idempotent normally it is not a problem to have it run
-    # more than once.
-    ./Console/cake database > "$OUTPUT" 2>&1 && \
-    ./Console/cake database > "$OUTPUT" 2>&1 && \
-    ./Console/cake setup --admin-given-name "${COMANAGE_REGISTRY_ADMIN_GIVEN_NAME}" \
-                         --admin-family-name "${COMANAGE_REGISTRY_ADMIN_FAMILY_NAME}" \
-                         --admin-username "${COMANAGE_REGISTRY_ADMIN_USERNAME}" \
-                         --enable-pooling "${COMANAGE_REGISTRY_ENABLE_POOLING}" > "$OUTPUT" 2>&1
-    AUTO_GENERATED_SECURITY=1
-fi
-
-popd > "$OUTPUT" 2>&1
-
-# If COmanage Registry CakePHP security salt and seed have been
-# injected and the files do not otherwise exist create them.
-if [[ -n "$COMANAGE_REGISTRY_SECURITY_SALT" && ( -n "$AUTO_GENERATED_SECURITY" || ! -e "$COMANAGE_REGISTRY_DIR/local/Config/security.salt" ) ]]; then
-    echo "$COMANAGE_REGISTRY_SECURITY_SALT" > "$COMANAGE_REGISTRY_DIR/local/Config/security.salt"
-fi
-
-if [[ -n "$COMANAGE_REGISTRY_SECURITY_SEED" && ( -n "$AUTO_GENERATED_SECURITY" || ! -e "$COMANAGE_REGISTRY_DIR/local/Config/security.seed" ) ]]; then
-    echo "$COMANAGE_REGISTRY_SECURITY_SEED" > "$COMANAGE_REGISTRY_DIR/local/Config/security.seed"
-fi
-
-# We always run upgradeVersion since it will not make any changes
-# if the current and target versions are the same or if
-# an upgrade from the current to the target version is not allowed.
-pushd "$COMANAGE_REGISTRY_DIR/app" > "$OUTPUT" 2>&1
-
-./Console/cake upgradeVersion "${COMANAGE_REGISTRY_UPGRADE_VERSION_OPTS}" > "$OUTPUT" 2>&1
-
-popd > "$OUTPUT" 2>&1
-
-# Force a datbase update if requested. This is helpful when deploying
-# a new version of the code that does not result in a change in the
-# version number and so upgradeVersion does not fire. An example
-# of this scenario is when new code is introduced in the develop
-# branch but before a release happens.
-if [ -n "$COMANAGE_REGISTRY_DATABASE_SCHEMA_FORCE" ]; then
-    echo "Forcing a database schema update..." > "$OUTPUT" 2>&1
-    pushd "$COMANAGE_REGISTRY_DIR/app" > "$OUTPUT" 2>&1
-    ./Console/cake database > "$OUTPUT" 2>&1
-    popd > "$OUTPUT" 2>&1
-fi
-
-# Enable any supported non-core plugins if requested.
-if [ -n "$COMANAGE_REGISTRY_ENABLE_PLUGIN" ]; then
-    plugins=(`echo "$COMANAGE_REGISTRY_ENABLE_PLUGIN" | sed -e 's@,@ @'`) > "$OUTPUT" 2>&1
-    for plugin in "${plugins[@]}"; 
-    do 
-        echo "Enabling available plugin $plugin..." > "$OUTPUT" 2>&1
-        pushd "$COMANAGE_REGISTRY_DIR/local/Plugin" > "$OUTPUT" 2>&1
-        ln -s "../../app/AvailablePlugin/$plugin" "$plugin" > "$OUTPUT" 2>&1
-        popd > "$OUTPUT" 2>&1
-        pushd "$COMANAGE_REGISTRY_DIR/app" > "$OUTPUT" 2>&1
-        ./Console/cake database > "$OUTPUT" 2>&1
-        popd > "$OUTPUT" 2>&1
-    done
-fi
-
-# Remove any cache files generated thus far.
-find "$COMANAGE_REGISTRY_DIR/app/tmp/cache" -type f -exec rm -f {} \;
-
-# If defined use configured location of Apache HTTP Server 
-# HTTPS certificate and key files. The certificate file may also
-# include intermediate CA certificates, sorted from leaf to root.
-if [ -n "$HTTPS_CERT_FILE" ]; then
-    rm -f /etc/httpd/cert.pem
-    cp "$HTTPS_CERT_FILE" /etc/httpd/cert.pem
-    chown apache /etc/httpd/cert.pem
-    chmod 0644 /etc/httpd/cert.pem
-fi
-
-if [ -n "$HTTPS_PRIVKEY_FILE" ]; then
-    rm -f /etc/httpd/privkey.pem
-    cp "$HTTPS_PRIVKEY_FILE" /etc/httpd/privkey.pem
-    chown apache /etc/httpd/privkey.pem
-    chmod 0600 /etc/httpd/privkey.pem
-fi
-
-# If SERVER_NAME has not been injected try to determine
-# it from the HTTPS_CERT_FILE.
-if [ -z "$SERVER_NAME" ]; then
-    SERVER_NAME=`openssl x509 -in /etc/httpd/cert.pem -text -noout | sed -n '/X509v3 Subject Alternative Name:/ {n;p}' | sed -E 's/.*DNS:(.*)\s*$/\1/'`
-    if [ -z "$SERVER_NAME" ]; then
-        SERVER_NAME=`openssl x509 -in /etc/httpd/cert.pem -subject -noout | sed -E 's/subject=.*CN=(.*)\s*/\1/'`
-    fi
-fi
-
-# Configure Apache HTTP Server with the server name.
-sed -i -e s@%%SERVER_NAME%%@"${SERVER_NAME:-unknown}"@g /etc/httpd/conf.d/000-comanage.conf
-
-# If ENV or USERTOKEN as injected by the deployer contain a semi-colon remove it.
-if [[ $ENV =~ .*";".* ]]; then
-    ENV=`echo $ENV | tr -d ';'`
-    export ENV
-fi
-
-if [[ $USERTOKEN =~ .*";".* ]]; then
-    USERTOKEN=`echo $USERTOKEN | tr -d ';'`
-    export USERTOKEN
-fi
-
-# If ENV or USERTOKEN as injected by the deployer contain a space remove it.
-if [[ $ENV =~ [[:space:]] ]]; then
-    ENV=`echo $ENV | tr -d [:space:]`
-    export ENV
-fi
-
-if [[ $USERTOKEN =~ [[:space:]] ]]; then
-    USERTOKEN=`echo $USERTOKEN | tr -d [:space:]`
-    export USERTOKEN
-fi
-
-# Create pipes to use for COmanage Registry instead of standard log files.
-rm -f "$COMANAGE_REGISTRY_DIR/app/tmp/logs/error.log" > "$OUTPUT" 2>&1
-rm -f "$COMANAGE_REGISTRY_DIR/app/tmp/logs/debug.log" > "$OUTPUT" 2>&1
-mkfifo -m 666 "$COMANAGE_REGISTRY_DIR/app/tmp/logs/error.log" > "$OUTPUT" 2>&1
-mkfifo -m 666 "$COMANAGE_REGISTRY_DIR/app/tmp/logs/debug.log" > "$OUTPUT" 2>&1
-
-# Format any output from COmanange Registry into standard TIER form.
-(cat <> "$COMANAGE_REGISTRY_DIR/app/tmp/logs/error.log" | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "comanage_registry;error.log;%s;%s;%s\n", ENV, UT, $0; fflush()}' 1>/tmp/logpipe)&
-(cat <> "$COMANAGE_REGISTRY_DIR/app/tmp/logs/debug.log" | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "comanage_registry;debug.log;%s;%s;%s\n", ENV, UT, $0; fflush()}' 1>/tmp/logpipe)&
-
-# Start Apache HTTP Server
-exec /usr/sbin/httpd -DFOREGROUND
diff --git a/docker-comanage-shibboleth-sp-entrypoint b/docker-comanage-shibboleth-sp-entrypoint
deleted file mode 100755
index 11527b8..0000000
--- a/docker-comanage-shibboleth-sp-entrypoint
+++ /dev/null
@@ -1,127 +0,0 @@
-#!/bin/bash
-
-# COmanage Registry Shibboleth SP Dockerfile entrypoint
-#
-# Portions licensed to the University Corporation for Advanced Internet
-# Development, Inc. ("UCAID") under one or more contributor license agreements.
-# See the NOTICE file distributed with this work for additional information
-# regarding copyright ownership.
-#
-# UCAID licenses this file to you under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with the
-# License. You may obtain a copy of the License at:
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-if [ -n "$COMANAGE_DEBUG" ]
-then
-    OUTPUT=/dev/stdout
-else
-    OUTPUT=/dev/null
-fi
-
-# Configuration details that may be injected through environment
-# variables or the contents of files.
-#
-# SHIBBOLETH_SP_METADATA_PROVIDER_XML may also be injected in the
-# same way but because of the presence of special characters in the
-# XML it is handled differently.
-
-injectable_config_vars=( 
-    SHIBBOLETH_SP_ENTITY_ID
-    SHIBBOLETH_SP_CERT
-    SHIBBOLETH_SP_PRIVKEY
-    SHIBBOLETH_SP_SAMLDS_URL
-)
-
-# If the file associated with a configuration variable is present then 
-# read the value from it into the appropriate variable. So for example
-# if the variable COMANAGE_REGISTRY_DATASOURCE_FILE exists and its
-# value points to a file on the file system then read the contents
-# of that file into the variable COMANAGE_REGISTRY_DATASOURCE.
-
-for config_var in "${injectable_config_vars[@]}"
-do
-    eval file_name=\$"${config_var}_FILE";
-
-    if [ -e "$file_name" ]; then
-        payload=`cat $file_name`
-        declare "${config_var}"="${payload}"
-    fi
-done
-
-# If no shibboleth2.xml file is present then create one using 
-# injected information or defaults that are not particularly
-# useful in a federated context but will allow shibd to start.
-if [ ! -e /etc/shibboleth/shibboleth2.xml ]; then
-    cp /etc/shibboleth/shibboleth2.xml.template /etc/shibboleth/shibboleth2.xml
-    sed -i -e s@%%SHIBBOLETH_SP_ENTITY_ID%%@"${SHIBBOLETH_SP_ENTITY_ID:-https://comanage.registry/shibboleth}"@ /etc/shibboleth/shibboleth2.xml
-    sed -i -e s@%%SHIBBOLETH_SP_SAMLDS_URL%%@"${SHIBBOLETH_SP_SAMLDS_URL:-https://localhost/registry/pages/eds/index}"@ /etc/shibboleth/shibboleth2.xml
-
-    # The metadata provider injected input most likely contains special characters
-    # so use a sed script instead of simple substitution on the command line.
-
-    if [ -n "$SHIBBOLETH_SP_METADATA_PROVIDER_XML_FILE" ]; then
-        xml_content_file="$SHIBBOLETH_SP_METADATA_PROVIDER_XML_FILE"
-    else
-        xml_content_file=`/bin/mktemp`
-        echo ${SHIBBOLETH_SP_METADATA_PROVIDER_XML:-} > ${xml_content_file}
-    fi
-
-    sed_script_file=`/bin/mktemp`
-    cat > ${sed_script_file}<<EOF
-/%%SHIBBOLETH_SP_METADATA_PROVIDER_XML%%/ {
-    r ${xml_content_file}
-    d
-}
-EOF
-
-    sed -i -f ${sed_script_file} /etc/shibboleth/shibboleth2.xml
-    
-    chmod 0644 /etc/shibboleth/shibboleth2.xml
-fi
-
-# If defined use configured location of Shibboleth SP SAML certificate and key.
-if [ -n "$SHIBBOLETH_SP_CERT" ]; then
-    cp "$SHIBBOLETH_SP_CERT" /etc/shibboleth/sp-cert.pem
-    chown shibd /etc/shibboleth/sp-cert.pem
-    chmod 0644 /etc/shibboleth/sp-cert.pem
-fi
-
-if [ -n "$SHIBBOLETH_SP_PRIVKEY" ]; then
-    cp "$SHIBBOLETH_SP_PRIVKEY" /etc/shibboleth/sp-key.pem
-    chown shibd /etc/shibboleth/sp-key.pem
-    chmod 0600 /etc/shibboleth/sp-key.pem
-fi
-
-# If ENV or USERTOKEN as injected by the deployer contain a semi-colon remove it.
-if [[ $ENV =~ .*";".* ]]; then
-    ENV=`echo $ENV | tr -d ';'`
-    export ENV
-fi
-
-if [[ $USERTOKEN =~ .*";".* ]]; then
-    USERTOKEN=`echo $USERTOKEN | tr -d ';'`
-    export USERTOKEN
-fi
-
-# If ENV or USERTOKEN as injected by the deployer contain a space remove it.
-if [[ $ENV =~ [[:space:]] ]]; then
-    ENV=`echo $ENV | tr -d [:space:]`
-    export ENV
-fi
-
-if [[ $USERTOKEN =~ [[:space:]] ]]; then
-    USERTOKEN=`echo $USERTOKEN | tr -d [:space:]`
-    export USERTOKEN
-fi
-
-# Start the daemon.
-export LD_LIBRARY_PATH=/opt/shibboleth/lib64
-exec /usr/sbin/shibd -f -u shibd -g shibd -c /etc/shibboleth/shibboleth2.xml -p /var/run/shibboleth/shibd.pid -F
diff --git a/docker-supervisord-entrypoint b/docker-supervisord-entrypoint
deleted file mode 100755
index 8000116..0000000
--- a/docker-supervisord-entrypoint
+++ /dev/null
@@ -1,85 +0,0 @@
-#!/bin/bash
-
-# COmanage Registry Dockerfile entrypoint
-#
-# Portions licensed to the University Corporation for Advanced Internet
-# Development, Inc. ("UCAID") under one or more contributor license agreements.
-# See the NOTICE file distributed with this work for additional information
-# regarding copyright ownership.
-#
-# UCAID licenses this file to you under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with the
-# License. You may obtain a copy of the License at:
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-if [ -n "$DEBUG" ]
-then
-    OUTPUT=/dev/stdout
-else
-    OUTPUT=/dev/null
-fi
-
-# If ENV or USERTOKEN as injected by the deployer contain a semi-colon remove it.
-if [[ $ENV =~ .*";".* ]]; then
-    ENV=`echo $ENV | tr -d ';'`
-    export ENV
-fi
-
-if [[ $USERTOKEN =~ .*";".* ]]; then
-    USERTOKEN=`echo $USERTOKEN | tr -d ';'`
-    export USERTOKEN
-fi
-
-# If ENV or USERTOKEN as injected by the deployer contain a space remove it.
-if [[ $ENV =~ [[:space:]] ]]; then
-    ENV=`echo $ENV | tr -d [:space:]`
-    export ENV
-fi
-
-if [[ $USERTOKEN =~ [[:space:]] ]]; then
-    USERTOKEN=`echo $USERTOKEN | tr -d [:space:]`
-    export USERTOKEN
-fi
-
-# Make a "console" logging pipe that anyone can write to regardless of who owns the process.
-rm -f /tmp/logpipe > "$OUTPUT" 2>&1
-mkfifo -m 666 /tmp/logpipe > "$OUTPUT" 2>&1
-cat <> /tmp/logpipe &
-
-# Format any console output from httpd into standard TIER form.
-rm -f /tmp/loghttpd > "$OUTPUT" 2>&1
-mkfifo -m 666 /tmp/loghttpd > "$OUTPUT" 2>&1
-(cat <> /tmp/loghttpd | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "httpd;console;%s;%s;%s\n", ENV, UT, $0; fflush()}' 1>/tmp/logpipe 2>&1)&
-
-# Format any console output from shibd into standard TIER form.
-rm -f /tmp/logshibd > "$OUTPUT" 2>&1
-mkfifo -m 666 /tmp/logshibd > "$OUTPUT" 2>&1
-(cat <> /tmp/logshibd | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "httpd;console;%s;%s;%s\n", ENV, UT, $0; fflush()}' 1>/tmp/logpipe 2>&1)&
-
-# Format any console output from supervisord into standard TIER form.
-rm -f /tmp/logsuperd > "$OUTPUT" 2>&1
-mkfifo -m 666 /tmp/logsuperd > "$OUTPUT" 2>&1
-(cat <> /tmp/logsuperd | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "supervisord;console;%s;%s;%s\n", ENV, UT, $0; fflush()}' 1>/tmp/logpipe 2>&1)&
-
-# Format any output from cron into standard TIER form.
-rm -f /var/log/cron > "$OUTPUT" 2>&1
-rm -f /tmp/logcrond > "$OUTPUT" 2>&1
-mkfifo -m 666 /tmp/logcrond > "$OUTPUT" 2>&1
-ln -s /tmp/logcrond /var/log/cron > "$OUTPUT" 2>&1
-(cat <> /tmp/logcrond | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "crond;cron;%s;%s;%s\n", ENV, UT, $0; fflush()}' 1>/tmp/logpipe 2>&1)&
-
-# Close stdout and stderr for this process since supervisord will write
-# to its logfile and its children are configured to write to different
-# pipes.
-exec 1<&-
-exec 2<&-
-
-# Start supervisord
-exec /usr/bin/supervisord -c /usr/local/etc/supervisord.conf
diff --git a/files/bin/sendtierbeacon.sh b/files/bin/sendtierbeacon.sh
new file mode 100644
index 0000000..f9ba5c4
--- /dev/null
+++ b/files/bin/sendtierbeacon.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+LOGHOST="collector.testbed.tier.internet2.edu"
+LOGPORT="5001"
+if [ -s /opt/tier/env.bash ]; then
+  . /opt/tier/env.bash
+fi
+
+#below for syslog, F-TICKS style
+#LOGTEXT="TIERBEACON/TIER/1.0#IM=$IMAGENAME#PV=$VERSION#TR=$TIERVERSION#MT=$MAINTAINER#"
+
+#below for JSON/REST style
+LOGTEXT="{ \"msgType\" : \"TIERBEACON\", \"msgName\" : \"TIER\", \"msgVersion\" : \"1.0\", \"tbProduct\" : \"$IMAGENAME\", \"tbProductVersion\" : \"$VERSION\", \"tbTIERRelease\" : \"$TIERVERSION\", \"tbMaintainer\" : \"$MAINTAINER\" }"
+
+
+if [ -z "$TIER_BEACON_OPT_OUT" ]; then
+  #send JSON
+  echo $LOGTEXT > msgjson.txt
+  curl -s -XPOST "${LOGHOST}:${LOGPORT}/" -H 'Content-Type: application/json' -T msgjson.txt 1>/dev/null
+  rm -f msgjson.txt
+  
+  #below is for syslog, F-TICKS style
+  #`logger -n $LOGHOST -P $LOGPORT -t TIERBEACON $LOGTEXT`
+
+  echo `date`"; TIER beacon sent."
+fi
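Review bot: The payload is staged in `msgjson.txt` under a fixed name in whatever directory cron starts the job in, and `TIER beacon sent.` is printed whether or not the write or the `curl` call succeeded. Piping the body removes the file altogether: `printf '%s' "$LOGTEXT" | curl -s -XPOST "${LOGHOST}:${LOGPORT}/" -H 'Content-Type: application/json' --data-binary @- >/dev/null`, with the message printed only when curl returns 0. The URL has no scheme, so curl defaults to plain HTTP and the image name, version and maintainer travel unencrypted; it is worth confirming whether the collector accepts HTTPS. The values are also interpolated into the JSON without escaping, so a `"` or backslash in `$MAINTAINER` produces an invalid document.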
diff --git a/files/bin/setenv.sh b/files/bin/setenv.sh
new file mode 100644
index 0000000..a43bc0b
--- /dev/null
+++ b/files/bin/setenv.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+printenv | sed 's/^\(.*\)$/\1/g' | grep -E "^VERSION" > /opt/tier/env.bash
+printenv | sed 's/^\(.*\)$/\1/g' | grep -E "^TIERVERSION" >> /opt/tier/env.bash
+printenv | sed 's/^\(.*\)$/\1/g' | grep -E "^IMAGE" >> /opt/tier/env.bash
+printenv | sed 's/^\(.*\)$/\1/g' | grep -E "^MAINTAINER" >> /opt/tier/env.bash
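Review bot: The four lines copy raw `NAME=value` output from `printenv` into `/opt/tier/env.bash`, which `sendtierbeacon.sh` later sources with `.`, so a value containing a space or a shell metacharacter (a `MAINTAINER` of the form `Name <address>`, for example) is parsed as shell syntax rather than as data. Writing shell-quoted assignments keeps the file safe to source: `for v in VERSION TIERVERSION IMAGENAME MAINTAINER; do printf '%s=%q\n' "$v" "${!v}"; done > /opt/tier/env.bash`. That variable list is taken from what `sendtierbeacon.sh` reads. The current `grep -E "^IMAGE"` and `"^VERSION"` prefixes also match any other variable starting with those letters, and the `sed 's/^\(.*\)$/\1/g'` stage changes nothing.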
diff --git a/files/bin/startup.sh b/files/bin/startup.sh
new file mode 100644
index 0000000..c3bb95d
--- /dev/null
+++ b/files/bin/startup.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+CRONFILE=/opt/tier/tier-cron
+
+#set env vars for cron job
+/opt/tier/setenv.sh
+
+#build crontab file with random start time between midnight and 3:59am
+echo "#send daily beacon to TIER Central" > ${CRONFILE}
+echo $(expr $RANDOM % 59) $(expr $RANDOM % 3) "* * * /usr/bin/sendtierbeacon.sh >> /var/log/cron.log 2>&1" >> ${CRONFILE}
+chmod 644 ${CRONFILE}
+
+#install crontab
+crontab ${CRONFILE}
+
+#create cron logfile
+touch /var/log/cron.log
+
+#start crond
+/usr/sbin/crond
+
+#from intermediate container's CMD directive
+/opt/bin/start.sh
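Review bot: The schedule line does not produce the range its comment promises: `expr $RANDOM % 59` yields minutes 0–58 and `expr $RANDOM % 3` yields hours 0–2, so the job never runs after 02:58. `echo "$((RANDOM % 60)) $((RANDOM % 4)) * * * /usr/bin/sendtierbeacon.sh >> /var/log/cron.log 2>&1" >> "${CRONFILE}"` matches "between midnight and 3:59am" and avoids the two `expr` forks. Separately, the last line runs `/opt/bin/start.sh` as a child; if this script is the container's entry process, `exec /opt/bin/start.sh` would let the service receive stop signals directly. None of the earlier steps check for failure, so a missing `/opt/tier/setenv.sh` or a rejected crontab goes unnoticed.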
diff --git a/httpd.conf b/httpd.conf
deleted file mode 100644
index 3cbc05a..0000000
--- a/httpd.conf
+++ /dev/null
@@ -1,74 +0,0 @@
-# COmanage Registry Apache HTTP Server configuration
-#
-# Portions licensed to the University Corporation for Advanced Internet
-# Development, Inc. ("UCAID") under one or more contributor license agreements.
-# See the NOTICE file distributed with this work for additional information
-# regarding copyright ownership.
-#
-# UCAID licenses this file to you under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with the
-# License. You may obtain a copy of the License at:
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-ServerRoot "/etc/httpd"
-Listen 80
-Include conf.modules.d/*.conf
-User apache
-Group apache
-ServerAdmin root@localhost
-
-<Directory />
-    AllowOverride none
-    Require all denied
-</Directory>
-
-DocumentRoot "/var/www/html"
-
-<Directory "/var/www">
-    AllowOverride None
-    # Allow open access:
-    Require all granted
-</Directory>
-
-<Directory "/var/www/html">
-    Options Indexes FollowSymLinks
-    AllowOverride None
-    Require all granted
-</Directory>
-
-DirectoryIndex index.html
-
-<Files ".ht*">
-    Require all denied
-</Files>
-
-PassEnv ENV
-PassEnv USERTOKEN
-
-ErrorLogFormat "httpd;error_log;%{ENV}e;%{USERTOKEN}e;[%{u}t] [%-m:%l] [pid %P:tid %T] %7F: %E: [client\ %a] %M% ,\ referer\ %{Referer}i"
-ErrorLog "/tmp/logpipe"
-LogLevel warn
-
-LogFormat "httpd;access_log;%{ENV}e;%{USERTOKEN}e;%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
-CustomLog "/tmp/logpipe" combined
-
-TypesConfig /etc/mime.types
-AddType application/x-compress .Z
-AddType application/x-gzip .gz .tgz
-AddType text/html .shtml
-AddOutputFilter INCLUDES .shtml
-
-AddDefaultCharset UTF-8
-
-MIMEMagicFile conf/magic
-
-EnableSendfile on
-
-IncludeOptional conf.d/*.conf
diff --git a/native.logger b/native.logger
deleted file mode 100644
index 0b01f32..0000000
--- a/native.logger
+++ /dev/null
@@ -1,39 +0,0 @@
-# set overall behavior
-log4j.rootCategory=INFO, native_log, warn_log
-
-# fairly verbose for DEBUG, so generally leave at INFO
-log4j.category.XMLTooling.XMLObject=INFO
-log4j.category.XMLTooling.KeyInfoResolver=INFO
-log4j.category.Shibboleth.IPRange=INFO
-log4j.category.Shibboleth.PropertySet=INFO
-
-# raise for low-level tracing of SOAP client HTTP/SSL behavior
-log4j.category.XMLTooling.libcurl=INFO
-
-# useful categories to tune independently:
-#
-# tracing of SAML messages and security policies
-#log4j.category.OpenSAML.MessageDecoder=DEBUG
-#log4j.category.OpenSAML.MessageEncoder=DEBUG
-#log4j.category.OpenSAML.SecurityPolicyRule=DEBUG
-# interprocess message remoting
-#log4j.category.Shibboleth.Listener=DEBUG
-# mapping of requests to applicationId
-#log4j.category.Shibboleth.RequestMapper=DEBUG
-# high level session cache operations
-#log4j.category.Shibboleth.SessionCache=DEBUG
-# persistent storage and caching
-#log4j.category.XMLTooling.StorageService=DEBUG
-
-# define the appender
-
-log4j.appender.native_log=org.apache.log4j.FileAppender
-log4j.appender.native_log.fileName=/tmp/logpipe
-log4j.appender.native_log.layout=org.apache.log4j.PatternLayout
-log4j.appender.native_log.layout.ConversionPattern=shibd;native.log;${ENV};${USERTOKEN};%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
-
-log4j.appender.warn_log=org.apache.log4j.FileAppender
-log4j.appender.warn_log.fileName=/tmp/logpipe
-log4j.appender.warn_log.layout=org.apache.log4j.PatternLayout
-log4j.appender.warn_log.layout.ConversionPattern=shibd;native_warn.log;${ENV};${USERTOKEN};%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
-log4j.appender.warn_log.threshold=WARN
diff --git a/php.conf b/php.conf
deleted file mode 100644
index ffda6de..0000000
--- a/php.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-<FilesMatch \.php$>
-    SetHandler application/x-httpd-php
-</FilesMatch>
-
-AddType text/html .php
-
-DirectoryIndex index.php
-
-#php_value session.save_handler "files"
-#php_value session.save_path    "/var/lib/php/session"
diff --git a/sendtierbeacon.sh b/sendtierbeacon.sh
deleted file mode 100755
index 63e27f9..0000000
--- a/sendtierbeacon.sh
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/bin/bash
-
-# COmanage Regsitry script to send TIER beacon
-#
-# Portions licensed to the University Corporation for Advanced Internet
-# Development, Inc. ("UCAID") under one or more contributor license agreements.
-# See the NOTICE file distributed with this work for additional information
-# regarding copyright ownership.
-#
-# UCAID licenses this file to you under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with the
-# License. You may obtain a copy of the License at:
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-LOGHOST="collector.testbed.tier.internet2.edu"
-LOGPORT="5001"
-
-messagefile="/tmp/beaconmsg"
-
-if [ -z "$TIER_BEACON_OPT_OUT" ]; then
-    cat > $messagefile <<EOF
-{
-    "msgType"          : "TIERBEACON",
-    "msgName"          : "TIER",
-    "msgVersion"       : "1.0",
-    "tbProduct"        : "COmanage Registry",
-    "tbProductVersion" : "$COMANAGE_REGISTRY_VERSION",
-    "tbTIERRelease"    : "$TIER_RELEASE",
-    "tbMaintainer"     : "$TIER_MAINTAINER"
-}
-EOF
-
-    curl -s -XPOST "${LOGHOST}:${LOGPORT}/" -H 'Content-Type: application/json' -T $messagefile 1>/dev/null 2>&1
-    if [ $? -eq 0 ]; then
-        echo "tier_beacon;none;$ENV;$USERTOKEN;"`date`"; TIER beacon sent"
-    else
-        echo "tier_beacon;none;$ENV;$USERTOKEN;"`date`"; Failed to send TIER beacon"
-    fi
-
-    rm -f $messagefile 1>/dev/null 2>&1
-  
-fi
diff --git a/setupcron.sh b/setupcron.sh
deleted file mode 100755
index 3f45f05..0000000
--- a/setupcron.sh
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/bin/bash
-
-# COmanage Registry shell script to install TIER beacon crontab
-#
-# Portions licensed to the University Corporation for Advanced Internet
-# Development, Inc. ("UCAID") under one or more contributor license agreements.
-# See the NOTICE file distributed with this work for additional information
-# regarding copyright ownership.
-#
-# UCAID licenses this file to you under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with the
-# License. You may obtain a copy of the License at:
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-CRONFILE=/tmp/cronfile
-
-# Build and install crontab file with random start time
-# between midnight and 3:59am.
-echo "#send daily beacon to TIER Central" > ${CRONFILE}
-echo $(expr $RANDOM % 59) $(expr $RANDOM % 3) "* * * /usr/local/bin/sendtierbeacon.sh >> /tmp/logpipe 2>&1" >> ${CRONFILE}
-chmod 644 ${CRONFILE}
-crontab ${CRONFILE}
diff --git a/shibboleth.repo b/shibboleth.repo
deleted file mode 100644
index 393aa48..0000000
--- a/shibboleth.repo
+++ /dev/null
@@ -1,7 +0,0 @@
-[security_shibboleth]
-name=Shibboleth (CentOS_7)
-type=rpm-md
-baseurl=http://downloadcontent.opensuse.org/repositories/security:/shibboleth/CentOS_7/
-gpgcheck=1
-gpgkey=http://downloadcontent.opensuse.org/repositories/security:/shibboleth/CentOS_7/repodata/repomd.xml.key
-enabled=1
diff --git a/shibd.logger b/shibd.logger
deleted file mode 100644
index 41300f2..0000000
--- a/shibd.logger
+++ /dev/null
@@ -1,63 +0,0 @@
-# set overall behavior
-log4j.rootCategory=INFO, shibd_log, warn_log
-
-# fairly verbose for DEBUG, so generally leave at INFO
-log4j.category.XMLTooling.XMLObject=INFO
-log4j.category.XMLTooling.KeyInfoResolver=INFO
-log4j.category.Shibboleth.IPRange=INFO
-log4j.category.Shibboleth.PropertySet=INFO
-
-# raise for low-level tracing of SOAP client HTTP/SSL behavior
-log4j.category.XMLTooling.libcurl=INFO
-
-# useful categories to tune independently:
-#
-# tracing of SAML messages and security policies
-#log4j.category.OpenSAML.MessageDecoder=DEBUG
-#log4j.category.OpenSAML.MessageEncoder=DEBUG
-#log4j.category.OpenSAML.SecurityPolicyRule=DEBUG
-#log4j.category.XMLTooling.SOAPClient=DEBUG
-# interprocess message remoting
-#log4j.category.Shibboleth.Listener=DEBUG
-# mapping of requests to applicationId
-#log4j.category.Shibboleth.RequestMapper=DEBUG
-# high level session cache operations
-#log4j.category.Shibboleth.SessionCache=DEBUG
-# persistent storage and caching
-#log4j.category.XMLTooling.StorageService=DEBUG
-
-# logs XML being signed or verified if set to DEBUG
-log4j.category.XMLTooling.Signature.Debugger=INFO, sig_log
-log4j.additivity.XMLTooling.Signature.Debugger=false
-
-# the tran log blocks the "default" appender(s) at runtime
-# Level should be left at INFO for this category
-log4j.category.Shibboleth-TRANSACTION=INFO, tran_log
-log4j.additivity.Shibboleth-TRANSACTION=false
-# uncomment to suppress particular event types
-#log4j.category.Shibboleth-TRANSACTION.AuthnRequest=WARN
-#log4j.category.Shibboleth-TRANSACTION.Login=WARN
-#log4j.category.Shibboleth-TRANSACTION.Logout=WARN
-
-# define the appenders
-
-log4j.appender.shibd_log=org.apache.log4j.FileAppender
-log4j.appender.shibd_log.fileName=/tmp/logpipe
-log4j.appender.shibd_log.layout=org.apache.log4j.PatternLayout
-log4j.appender.shibd_log.layout.ConversionPattern=shibd;shibd.log;${ENV};${USERTOKEN};%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
-
-log4j.appender.warn_log=org.apache.log4j.FileAppender
-log4j.appender.warn_log.fileName=/tmp/logpipe
-log4j.appender.warn_log.layout=org.apache.log4j.PatternLayout
-log4j.appender.warn_log.layout.ConversionPattern=shibd;shibd_warn.log;${ENV};${USERTOKEN};%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
-log4j.appender.warn_log.threshold=WARN
-
-log4j.appender.tran_log=org.apache.log4j.FileAppender
-log4j.appender.tran_log.fileName=/tmp/logpipe
-log4j.appender.tran_log.layout=org.apache.log4j.PatternLayout
-log4j.appender.tran_log.layout.ConversionPattern=shibd;transaction.log;${ENV};${USERTOKEN};%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
-
-log4j.appender.sig_log=org.apache.log4j.FileAppender
-log4j.appender.sig_log.fileName=/tmp/logpipe
-log4j.appender.sig_log.layout=org.apache.log4j.PatternLayout
-log4j.appender.sig_log.layout.ConversionPattern=shibd;signature.log${ENV};${USERTOKEN};%m
diff --git a/supervisord.conf b/supervisord.conf
deleted file mode 100644
index 6130af4..0000000
--- a/supervisord.conf
+++ /dev/null
@@ -1,45 +0,0 @@
-; COmanage Registry Docker supervisord configuration
-; 
-; Portions licensed to the University Corporation for Advanced Internet
-; Development, Inc. ("UCAID") under one or more contributor license agreements.
-; See the NOTICE file distributed with this work for additional information
-; regarding copyright ownership.
-; 
-; UCAID licenses this file to you under the Apache License, Version 2.0
-; (the "License"); you may not use this file except in compliance with the
-; License. You may obtain a copy of the License at:
-; 
-; http://www.apache.org/licenses/LICENSE-2.0
-; 
-; Unless required by applicable law or agreed to in writing, software
-; distributed under the License is distributed on an "AS IS" BASIS,
-; WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-; See the License for the specific language governing permissions and
-; limitations under the License.
-
-[supervisord]
-logfile=/tmp/logsuperd
-logfile_maxbytes=0
-nodaemon=true
-user=root
-
-[program:httpd]
-command=/usr/local/bin/docker-comanage-entrypoint
-stdout_logfile=/tmp/loghttpd
-stdout_logfile_maxbytes=0
-stderr_logfile=/tmp/loghttpd
-stderr_logfile_maxbytes=0
-
-[program:shibd]
-command=/usr/local/bin/docker-comanage-shibboleth-sp-entrypoint
-stdout_logfile=/tmp/logshibd
-stdout_logfile_maxbytes=0
-stderr_logfile=/tmp/logshibd
-stderr_logfile_maxbytes=0
-
-[program:crond]
-command=/usr/sbin/crond -i -m off -n
-stdout_logfile=/tmp/logcrond
-stdout_logfile_maxbytes=0
-stderr_logfile=/tmp/logcrond
-stderr_logfile_maxbytes=0
diff --git a/tests/image.bats b/tests/image.bats
new file mode 100644
index 0000000..de810a1
--- /dev/null
+++ b/tests/image.bats
@@ -0,0 +1,40 @@
+#!/usr/bin/env bats
+# Licensed to the University Corporation for Advanced Internet Development,
+# Inc. (UCAID) under one or more contributor license agreements.  See the
+# NOTICE file distributed with this work for additional information regarding
+# copyright ownership. The UCAID licenses this file to You under the Apache
+# License, Version 2.0 (the "License"); you may not use this file except in
+# compliance with the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+load ../common
+
+@test "COmanage directory created" {
+  docker run -i $maintainer/$imagename find /opt/comanage/comanage-registry-$version
+}
+
+@test "COmanage cache link directory created" {
+  docker run -i $maintainer/$imagename find /opt/comanage/comanage-registry-$version/local/tmp -links 1
+
+}
+@test "Autoexec firstrun capability detected" {
+  docker run -i $maintainer/$imagename find /opt/autoexec/bin/firstrun.sh
+}
+
+@test "Autoexec onbuild capability detected" {
+  docker run -i $maintainer/$imagename find /opt/autoexec/bin/onbuild.sh
+}
+
+@test "Autoexec firstrun retains executability" {
+  skip
+  docker run -i $maintainer/$imagename ls -la /opt/autoexec/bin/firstrun.sh
+}
+
+
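Review bot: The "COmanage cache link directory created" test cannot fail on the link count, because `find PATH -links 1` exits 0 whenever the path exists, even when nothing matches; capture the output and assert on it, e.g. `run docker run --rm -i "$maintainer/$imagename" find "/opt/comanage/comanage-registry-$version/local/tmp" -links 1` followed by `[ "$status" -eq 0 ] && [ -n "$output" ]`. The skipped "Autoexec firstrun retains executability" test has the same weakness: `ls -la` succeeds for a non-executable file, so `test -x /opt/autoexec/bin/firstrun.sh` run inside the container would be the assertion to use once the `skip` is lifted. Every `docker run` in this file also lacks `--rm`, which leaves one stopped container behind per test. `$maintainer`, `$imagename` and `$version` are unquoted and presumably come from `../common`, which is not visible here, so an unset value produces a malformed image reference instead of a clear failure.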