
Merge pull request #20 from docker/UseUpstream

mods for using upstream container
pcaskey committed Jun 18, 2018
2 parents e4e709c + 0f36903 commit 198a06782e30a89f1ab5e43aa993c3a20a1c1189
Showing with 159 additions and 120 deletions.
  1. +14 −8 Dockerfile
  2. +25 −0 Dockerfile.template
  3. +120 −112 configBuilder.sh
@@ -5,19 +5,25 @@ RUN rm -fr /var/cache/yum/* && yum clean all && yum -y install --setopt=tsflags=
yum -y install wget zip unzip rsync openssl && \
yum -y clean all

#download/install JRE
ENV JAVA_HOME /usr/java/latest
#download/install Java
ENV JAVA_HOME /usr

RUN wget -nv --no-cookies --no-check-certificate "http://javadl.oracle.com/webapps/download/AutoDL?BundleId=233161_512cd62ec5174c3487ac17c61aaa89e8" -O /tmp/jre-8u171-linux-x64.rpm && \
yum -y install /tmp/jre-8u171-linux-x64.rpm && \
rm -f /tmp/jre-8u171-linux-x64.rpm && \
alternatives --install /usr/bin/java jar $JAVA_HOME/bin/java 200000 && \
alternatives --install /usr/bin/javaws javaws $JAVA_HOME/bin/javaws 200000 && \
alternatives --install /usr/bin/javac javac $JAVA_HOME/bin/javac 200000
# Install Zulu Java
RUN rpm --import http://repos.azulsystems.com/RPM-GPG-KEY-azulsystems \
&& curl -o /etc/yum.repos.d/zulu.repo http://repos.azulsystems.com/rhel/zulu.repo \
&& yum -y install zulu-8 && alternatives --install /usr/bin/java java $JAVA_HOME/bin/java 200000

#RUN wget -nv --no-cookies --no-check-certificate "http://javadl.oracle.com/webapps/download/AutoDL?BundleId=233161_512cd62ec5174c3487ac17c61aaa89e8" -O /tmp/jre-8u171-linux-x64.rpm && \
# yum -y install /tmp/jre-8u171-linux-x64.rpm && \
# rm -f /tmp/jre-8u171-linux-x64.rpm && \
# alternatives --install /usr/bin/java jar $JAVA_HOME/bin/java 200000 && \
# alternatives --install /usr/bin/javaws javaws $JAVA_HOME/bin/javaws 200000 && \
# alternatives --install /usr/bin/javac javac $JAVA_HOME/bin/javac 200000

#copy files
RUN mkdir -p /output && mkdir -p /scriptrun
COPY configBuilder.sh /scriptrun
COPY Dockerfile.template /
RUN chmod 755 /scriptrun/configBuilder.sh

CMD /scriptrun/configBuilder.sh
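Review bot: The new Zulu install step fetches both the package signing key and the repo definition over plain HTTP, so the key meant to authenticate the `zulu-8` packages is itself unauthenticated and can be substituted in transit at build time. Fetch both over TLS (assuming the host serves it) and make curl fail on HTTP errors: `rpm --import https://repos.azulsystems.com/RPM-GPG-KEY-azulsystems` and `curl -fsSL -o /etc/yum.repos.d/zulu.repo https://repos.azulsystems.com/rhel/zulu.repo`; alternatively, commit the key to this repository and import the local copy. Separately, with `ENV JAVA_HOME /usr` the call `alternatives --install /usr/bin/java java $JAVA_HOME/bin/java 200000` registers `/usr/bin/java` as an alternative for itself, which looks unintended. The step also has no `yum -y clean all` after the install, so the yum cache stays in the layer.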
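--- a/Dockerfile.template
+++ b/Dockerfile.template
@@ -0,0 +1,25 @@
+FROM tier/shib-idp:newJavaTomcat
+
+# The build args below can be used at build-time to tell the build process where to find your config files. This is for a completely burned-in config.
+ARG TOMCFG=config/tomcat
+ARG TOMCERT=credentials/tomcat
+ARG TOMWWWROOT=wwwroot
+ARG SHBCFG=config/shib-idp/conf
+ARG SHBCREDS=credentials/shib-idp
+ARG SHBVIEWS=config/shib-idp/views
+ARG SHBEDWAPP=config/shib-idp/edit-webapp
+ARG SHBMSGS=config/shib-idp/messages
+ARG SHBMD=config/shib-idp/metadata
+
+# copy in the needed config files
+ADD ${TOMCFG} /usr/local/tomcat/conf
+ADD ${TOMCERT} /opt/certs
+ADD ${TOMWWWROOT} /usr/local/tomcat/webapps/ROOT
+ADD ${SHBCFG} /opt/shibboleth-idp/conf
+ADD ${SHBCREDS} /opt/shibboleth-idp/credentials
+ADD ${SHBVIEWS} /opt/shibboleth-idp/views
+ADD ${SHBEDWAPP} /opt/shibboleth-idp/edit-webapp
+ADD ${SHBMSGS} /opt/shibboleth-idp/messages
+ADD ${SHBMD} /opt/shibboleth-idp/metadata
+
+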
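Review bot: `ADD ${TOMCERT} /opt/certs` and `ADD ${SHBCREDS} /opt/shibboleth-idp/credentials` write what are presumably the Tomcat TLS material and the IdP keys into image layers, where they stay readable to anyone who can pull or export the image, and the template does not warn about that. At minimum put a comment above those two lines, for example `# NOTE: credentials are baked into this image; keep it out of shared registries or supply them at run time instead`. None of the sources is a URL or an archive that needs unpacking, so `COPY` is the more predictable instruction for all nine lines (`ADD` silently extracts a local tar). The base `tier/shib-idp:newJavaTomcat` is a floating tag, so two builds of this template can end up on different base contents; pinning a digest would make the result reproducible.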
@@ -12,13 +12,13 @@ TOM_CFG_URL=https://github.internet2.edu/docker/shib-idp-tomcat-config/archive/m
TMP_DIR_S=/tmp/3.3release
TMP_DIR_T=/tmp/tomcfg
TMP_DIR_D=/tmp/buildfiles
LINUX_BUILD_FILES_URL=https://github.internet2.edu/docker/shib-idp/archive/master.zip
WINDOWS_BUILD_FILES_URL=https://github.internet2.edu/docker/ShibbIdP_noVM_Windows/archive/master.zip
#LINUX_BUILD_FILES_URL=https://github.internet2.edu/docker/shib-idp/archive/master.zip
#WINDOWS_BUILD_FILES_URL=https://github.internet2.edu/docker/ShibbIdP_noVM_Windows/archive/master.zip


# default directories
TOMCFG=config/tomcat
TOMLOG=logs/tomcat
#TOMLOG=logs/tomcat
TOMCERT=credentials/tomcat
TOMWWWROOT=wwwroot
SHBCFG=config/shib-idp/conf
@@ -27,7 +27,7 @@ SHBVIEWS=config/shib-idp/views
SHBEDWAPP=config/shib-idp/edit-webapp
SHBMSGS=config/shib-idp/messages
SHBMD=config/shib-idp/metadata
SHBLOG=logs/shib-idp
#SHBLOG=logs/shib-idp

# logs
LOGFILE=${PWD}/setup.log
@@ -50,7 +50,7 @@ USESECRETS=None
### ensure directory structure ###
##################################
mkdir -p config/tomcat
mkdir -p logs/tomcat
#mkdir -p logs/tomcat
mkdir -p credentials/tomcat
mkdir -p wwwroot
mkdir -p config/shib-idp/conf
@@ -59,42 +59,43 @@ mkdir -p config/shib-idp/views
mkdir -p config/shib-idp/edit-webapp
mkdir -p config/shib-idp/messages
mkdir -p config/shib-idp/metadata
mkdir -p logs/shib-idp
#mkdir -p logs/shib-idp


###########################################################
### grab the docker build files, depending on OS choice ###
###########################################################
# first, check for wget
command -v wget >/dev/null 2>&1 || { echo >&2 "ERROR: wget is required, but doesn't appear to be installed. Aborting..."; exit 1; }


case "$BUILD_ENV" in
LINUX | linux)
echo "Getting build files for a Linux container"
wget -q -O ${TMP_DIR_D}.zip ${LINUX_BUILD_FILES_URL} > /dev/null
unzip -o -d ${TMP_DIR_D} ${TMP_DIR_D}.zip > /dev/null 2>&1
cp -rf ${TMP_DIR_D}/shib-idp-master/* /output
;;
WINDOWS | windows)
echo "Getting build files for a Windows container"
wget -q -O ${TMP_DIR_D}.zip ${WINDOWS_BUILD_FILES_URL} > /dev/null
unzip -o -d ${TMP_DIR_D} ${TMP_DIR_D}.zip > /dev/null 2>&1
cp -rf ${TMP_DIR_D}/ShibbIdP_noVM_Windows-master/* /output
;;
*)
echo "Environment variable BUILD_ENV was not found or had an incorrect value (only LINUX|WINDOWS is supported). Terminating."
exit 1
;;
esac

rm -f /output/configBuilder.sh > /dev/null 2>&1
rm -f /output/setup.log > /dev/null 2>&1
rm -f /output/README.md > /dev/null 2>&1
rm -rf /output/shib-idp-master/*

#grab copy of Dockerfile in working dir
cp -f /output/Dockerfile .
## first, check for wget
#command -v wget >/dev/null 2>&1 || { echo >&2 "ERROR: wget is required, but doesn't appear to be installed. Aborting..."; exit 1; }
#
#
#case "$BUILD_ENV" in
#LINUX | linux)
# echo "Getting build files for a Linux container"
# wget -q -O ${TMP_DIR_D}.zip ${LINUX_BUILD_FILES_URL} > /dev/null
# unzip -o -d ${TMP_DIR_D} ${TMP_DIR_D}.zip > /dev/null 2>&1
# cp -rf ${TMP_DIR_D}/shib-idp-master/* /output
# ;;
#WINDOWS | windows)
# echo "Getting build files for a Windows container"
# wget -q -O ${TMP_DIR_D}.zip ${WINDOWS_BUILD_FILES_URL} > /dev/null
# unzip -o -d ${TMP_DIR_D} ${TMP_DIR_D}.zip > /dev/null 2>&1
# cp -rf ${TMP_DIR_D}/ShibbIdP_noVM_Windows-master/* /output
# ;;
#*)
# echo "Environment variable BUILD_ENV was not found or had an incorrect value (only LINUX|WINDOWS is supported). Terminating."
# exit 1
# ;;
#esac
#
#rm -f /output/configBuilder.sh > /dev/null 2>&1
#rm -f /output/setup.log > /dev/null 2>&1
#rm -f /output/README.md > /dev/null 2>&1
#rm -rf /output/shib-idp-master/*
#
##grab copy of Dockerfile in working dir
#cp -f /output/Dockerfile .
##############################################################


##############################################################
@@ -131,40 +132,42 @@ cp -rf ${TMP_DIR_T}/shib-idp-tomcat-config-master/wwwroot/* ${TOMWWWROOT}
#
# Get Oracle license agreement from the user
#
echo ""
echo "The Shibboleth IdP requires that you use Oracle Java. The Docker container "
echo "should be configured to download it for you as part of the Docker image build "
echo "process, but, before we proceed, you must agree to the Oracle Binary Code "
echo "License Agreement for Java SE (\"Oracle License\"). Please review:"
echo ""
echo " http://www.oracle.com/technetwork/java/javase/terms/license/index.html"
echo ""
echo "By agreeing to the Oracle License, you acknowledge that Internet2 is not"
echo "distributing the Java software and, to the extent an issue arises"
echo "related to your use of Oracle Java in the TIER software package, you and"
echo "Internet2 agree to hold each other harmless from any third party claims."
echo ""${PWD}
#echo ""
#echo "The Shibboleth IdP requires that you use Oracle Java. The Docker container "
#echo "should be configured to download it for you as part of the Docker image build "
#echo "process, but, before we proceed, you must agree to the Oracle Binary Code "
#echo "License Agreement for Java SE (\"Oracle License\"). Please review:"
#echo ""
#echo " http://www.oracle.com/technetwork/java/javase/terms/license/index.html"
#echo ""
#echo "By agreeing to the Oracle License, you acknowledge that Internet2 is not"
#echo "distributing the Java software and, to the extent an issue arises"
#echo "related to your use of Oracle Java in the TIER software package, you and"
#echo "Internet2 agree to hold each other harmless from any third party claims."
#echo ""${PWD}
#
while [ ${ORACLE_JAVA_APPROVAL} == "None" ]; do
echo -n "Do you agree to the terms of the Oracle license [Yes/No]? "
read response
case $response in
Yes)
ORACLE_JAVA_APPROVAL=$response
;;
No)
ORACLE_JAVA_APPROVAL=$response
;;
*)
echo "Please respond with Yes or No"
esac
done
if [ ${ORACLE_JAVA_APPROVAL} != "Yes" ]; then
echo ""
echo "In order to use this implementation of the Shibboleth IdP, you must"
echo "use Oracle Java and thus agree to the terms of the Oracle license."
exit 0
fi
#while [ ${ORACLE_JAVA_APPROVAL} == "None" ]; do
# echo -n "Do you agree to the terms of the Oracle license [Yes/No]? "
# read response
# case $response in
# Yes)
# ORACLE_JAVA_APPROVAL=$response
# ;;
# No)
# ORACLE_JAVA_APPROVAL=$response
# ;;
# *)
# echo "Please respond with Yes or No"
# esac
#done
#if [ ${ORACLE_JAVA_APPROVAL} != "Yes" ]; then
# echo ""
# echo "In order to use this implementation of the Shibboleth IdP, you must"
# echo "use Oracle Java and thus agree to the terms of the Oracle license."
# exit 0
#fi


#
# Get the FQDN of the server
#
@@ -523,50 +526,49 @@ rm -f ${LDAP_PROP}.tmp5
# adjust Dockerfile for java and for a burned-in config, if needed
#
#java first
if test \! -f Dockerfile.dist; then
cp Dockerfile Dockerfile.dist
fi
cat <<EOF > docker_edit.sed
s/^# ENV /ENV /
s/^# RUN /RUN /
s/^# yum/ yum/
s/^# rm/ rm/
s/^# alternatives/ alternatives/
s/^# http/ http/
s/^# \&\&/ \&\&/
EOF
rm -f Dockerfile
sed -f docker_edit.sed Dockerfile.dist > Dockerfile
rm -f docker_edit.sed


if [ ${BURNMOUNT} == "burn" ] || [ ${BURNMOUNT} == "hybrid" ]; then
echo "Configuring Docker for burned-in/hybrid configuration."

mv -f Dockerfile Dockerfile.setup
cat <<EOF > docker_edit.sed
s/^## ADD /ADD /
/^VOLUME/,+10 s/^/#/
EOF
rm -f Dockerfile
sed -f docker_edit.sed Dockerfile.setup > Dockerfile
rm -f Dockerfile.setup
rm -f docker_edit.sed

fi

if [ ${USESECRETS} == "YES" ] && [ ${BUILD_ENV} == "WINDOWS" ]; then
echo "Configuring Dockerfile for use of secrets in a Windows container."
#if test \! -f Dockerfile.dist; then
# cp Dockerfile Dockerfile.dist
#fi
#cat <<EOF > docker_edit.sed
#s/^# ENV /ENV /
#s/^# RUN /RUN /
#s/^# yum/ yum/
#s/^# rm/ rm/
#s/^# alternatives/ alternatives/
#s/^# http/ http/
#s/^# \&\&/ \&\&/
#EOF
#rm -f Dockerfile
#sed -f docker_edit.sed Dockerfile.dist > Dockerfile
#rm -f docker_edit.sed

#if [ ${BURNMOUNT} == "burn" ] || [ ${BURNMOUNT} == "hybrid" ]; then
# echo "Configuring Docker for burned-in/hybrid configuration."
#
# mv -f Dockerfile Dockerfile.setup
# cat <<EOF > docker_edit.sed
#s/^## ADD /ADD /
#/^VOLUME/,+10 s/^/#/
#EOF
# rm -f Dockerfile
# sed -f docker_edit.sed Dockerfile.setup > Dockerfile
# rm -f Dockerfile.setup
# rm -f docker_edit.sed
#
#fi

mv -f Dockerfile Dockerfile.setup
cat <<EOF > docker_edit.sed
s/^#!# RUN /RUN /
EOF
rm -f Dockerfile
sed -f docker_edit.sed Dockerfile.setup > Dockerfile
rm -f Dockerfile.setup
rm -f docker_edit.sed
fi
#if [ ${USESECRETS} == "YES" ] && [ ${BUILD_ENV} == "WINDOWS" ]; then
# echo "Configuring Dockerfile for use of secrets in a Windows container."
#
# mv -f Dockerfile Dockerfile.setup
# cat <<EOF > docker_edit.sed
#s/^#!# RUN /RUN /
#EOF
# rm -f Dockerfile
# sed -f docker_edit.sed Dockerfile.setup > Dockerfile
# rm -f Dockerfile.setup
# rm -f docker_edit.sed
#fi

# configure SSL keystore password in tomcat's config file:
# conf/tomcat/server.xml replace: keystorePass="password"
@@ -579,6 +581,12 @@ fi
sed "s#keystorePass=\"password\"#keystorePass=\"${STOREPWD}\"#" ${TOMCFG}/server.xml.dist > ${TOMCFG}/server.xml


#
# copy Dockerfile template
#
cp /Dockerfile.template ${PWD}/Dockerfile


# if the user chose to use secrets, then generate a directory containing the config with secrets removed
if [ ${USESECRETS} == "YES" ]; then
echo ""
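Review bot: The added `cp /Dockerfile.template ${PWD}/Dockerfile` runs unconditionally and overwrites any existing Dockerfile without the `Dockerfile.dist` backup the earlier code kept, and `${PWD}` is unquoted, so a working directory containing spaces splits the argument; `cp -f /Dockerfile.template "${PWD}/Dockerfile"` fixes the quoting. Because the `BURNMOUNT` branch that enabled the `ADD` lines only for burn/hybrid now appears only as `#` lines, every run seems to get the burned-in template, credential `ADD`s included, whatever the user chose; if mount mode is still supported the copy should be gated on `BURNMOUNT`, otherwise the prompt should go. The disabled blocks (build-file download, Oracle licence prompt, sed edits of the Dockerfile) would be clearer deleted than kept as commented-out code, since version control already preserves them. The `if [ ${USESECRETS} == "YES" ]` block at the end of this hunk continues outside it.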
