diff --git a/Dockerfile b/Dockerfile
index 0806af3..bab0ad5 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,19 +5,25 @@ RUN rm -fr /var/cache/yum/* && yum clean all && yum -y install --setopt=tsflags=
 yum -y install wget zip unzip rsync openssl && \
 yum -y clean all
-#download/install JRE
-ENV JAVA_HOME /usr/java/latest
+#download/install Java
+ENV JAVA_HOME /usr
-RUN wget -nv --no-cookies --no-check-certificate "http://javadl.oracle.com/webapps/download/AutoDL?BundleId=233161_512cd62ec5174c3487ac17c61aaa89e8" -O /tmp/jre-8u171-linux-x64.rpm && \
- yum -y install /tmp/jre-8u171-linux-x64.rpm && \
- rm -f /tmp/jre-8u171-linux-x64.rpm && \
- alternatives --install /usr/bin/java jar $JAVA_HOME/bin/java 200000 && \
- alternatives --install /usr/bin/javaws javaws $JAVA_HOME/bin/javaws 200000 && \
- alternatives --install /usr/bin/javac javac $JAVA_HOME/bin/javac 200000
+# Install Zulu Java
+RUN rpm --import http://repos.azulsystems.com/RPM-GPG-KEY-azulsystems \
+ && curl -o /etc/yum.repos.d/zulu.repo http://repos.azulsystems.com/rhel/zulu.repo \
+ && yum -y install zulu-8 && alternatives --install /usr/bin/java java $JAVA_HOME/bin/java 200000
+
+#RUN wget -nv --no-cookies --no-check-certificate "http://javadl.oracle.com/webapps/download/AutoDL?BundleId=233161_512cd62ec5174c3487ac17c61aaa89e8" -O /tmp/jre-8u171-linux-x64.rpm && \
+# yum -y install /tmp/jre-8u171-linux-x64.rpm && \
+# rm -f /tmp/jre-8u171-linux-x64.rpm && \
+# alternatives --install /usr/bin/java jar $JAVA_HOME/bin/java 200000 && \
+# alternatives --install /usr/bin/javaws javaws $JAVA_HOME/bin/javaws 200000 && \
+# alternatives --install /usr/bin/javac javac $JAVA_HOME/bin/javac 200000
 #copy files
 RUN mkdir -p /output && mkdir -p /scriptrun
 COPY configBuilder.sh /scriptrun
+COPY Dockerfile.template /
 RUN chmod 755 /scriptrun/configBuilder.sh
 CMD /scriptrun/configBuilder.sh
diff --git a/Dockerfile.template b/Dockerfile.template
new file mode 100644
index 0000000..440deb2
--- /dev/null
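Review bot: The Azul signing key and the repo definition are both fetched over plain HTTP (`rpm --import http://repos.azulsystems.com/RPM-GPG-KEY-azulsystems` and `curl -o /etc/yum.repos.d/zulu.repo http://...`), so an on-path attacker during the build can replace the key and the repo together and the RPM signature check then guarantees nothing. Use `https://` for both and make the fetch fail loudly instead of silently writing an error page into yum.repos.d: `curl -fsSL -o /etc/yum.repos.d/zulu.repo https://repos.azulsystems.com/rhel/zulu.repo`; ideally also check the imported key's fingerprint against a value recorded in the Dockerfile. `curl` is not in the `yum -y install` list two lines above, so it presumably comes from the base image — worth confirming rather than relying on it. The commented-out Oracle block below is dead code that git history already preserves and can be deleted.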
+++ b/Dockerfile.template
@@ -0,0 +1,25 @@
+FROM tier/shib-idp:newJavaTomcat
+
+# The build args below can be used at build-time to tell the build process where to find your config files. This is for a completely burned-in config.
+ARG TOMCFG=config/tomcat
+ARG TOMCERT=credentials/tomcat
+ARG TOMWWWROOT=wwwroot
+ARG SHBCFG=config/shib-idp/conf
+ARG SHBCREDS=credentials/shib-idp
+ARG SHBVIEWS=config/shib-idp/views
+ARG SHBEDWAPP=config/shib-idp/edit-webapp
+ARG SHBMSGS=config/shib-idp/messages
+ARG SHBMD=config/shib-idp/metadata
+
+# copy in the needed config files
+ADD ${TOMCFG} /usr/local/tomcat/conf
+ADD ${TOMCERT} /opt/certs
+ADD ${TOMWWWROOT} /usr/local/tomcat/webapps/ROOT
+ADD ${SHBCFG} /opt/shibboleth-idp/conf
+ADD ${SHBCREDS} /opt/shibboleth-idp/credentials
+ADD ${SHBVIEWS} /opt/shibboleth-idp/views
+ADD ${SHBEDWAPP} /opt/shibboleth-idp/edit-webapp
+ADD ${SHBMSGS} /opt/shibboleth-idp/messages
+ADD ${SHBMD} /opt/shibboleth-idp/metadata
+
+
diff --git a/configBuilder.sh b/configBuilder.sh
index c4e6614..4ee1f26 100755
--- a/configBuilder.sh
+++ b/configBuilder.sh
@@ -12,13 +12,13 @@ TOM_CFG_URL=https://github.internet2.edu/docker/shib-idp-tomcat-config/archive/m
 TMP_DIR_S=/tmp/3.3release
 TMP_DIR_T=/tmp/tomcfg
 TMP_DIR_D=/tmp/buildfiles
-LINUX_BUILD_FILES_URL=https://github.internet2.edu/docker/shib-idp/archive/master.zip
-WINDOWS_BUILD_FILES_URL=https://github.internet2.edu/docker/ShibbIdP_noVM_Windows/archive/master.zip
+#LINUX_BUILD_FILES_URL=https://github.internet2.edu/docker/shib-idp/archive/master.zip
+#WINDOWS_BUILD_FILES_URL=https://github.internet2.edu/docker/ShibbIdP_noVM_Windows/archive/master.zip
 # default directories
 TOMCFG=config/tomcat
-TOMLOG=logs/tomcat
+#TOMLOG=logs/tomcat
 TOMCERT=credentials/tomcat
 TOMWWWROOT=wwwroot
 SHBCFG=config/shib-idp/conf
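Review bot: `ADD ${TOMCERT} /opt/certs` and `ADD ${SHBCREDS} /opt/shibboleth-idp/credentials` bake the Tomcat TLS key and the IdP signing/encryption credentials into image layers, so anyone who can pull the image or read the build cache gets the IdP's private keys, and rotating them requires a rebuild and re-push. Keep credentials out of the image and mount them at runtime (a volume, Docker secrets, or the orchestrator's secret store); if burning them in is a deliberate option, those two lines should at least be conditional on the user's BURNMOUNT/USESECRETS choice rather than unconditional. Prefer `COPY` over `ADD` for these local directories, since `ADD` will transparently unpack a tar archive or fetch a URL if a build arg is ever pointed at one. `FROM tier/shib-idp:newJavaTomcat` is a mutable tag; pinning a digest (`tier/shib-idp:newJavaTomcat@sha256:...`) makes the generated image reproducible.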
@@ -27,7 +27,7 @@ SHBVIEWS=config/shib-idp/views
 SHBEDWAPP=config/shib-idp/edit-webapp
 SHBMSGS=config/shib-idp/messages
 SHBMD=config/shib-idp/metadata
-SHBLOG=logs/shib-idp
+#SHBLOG=logs/shib-idp
 # logs
 LOGFILE=${PWD}/setup.log
@@ -50,7 +50,7 @@ USESECRETS=None
 ### ensure directory structure ###
 ##################################
 mkdir -p config/tomcat
-mkdir -p logs/tomcat
+#mkdir -p logs/tomcat
 mkdir -p credentials/tomcat
 mkdir -p wwwroot
 mkdir -p config/shib-idp/conf
@@ -59,42 +59,43 @@ mkdir -p config/shib-idp/views
 mkdir -p config/shib-idp/edit-webapp
 mkdir -p config/shib-idp/messages
 mkdir -p config/shib-idp/metadata
-mkdir -p logs/shib-idp
+#mkdir -p logs/shib-idp
 ###########################################################
 ### grab the docker build files, depending on OS choice ###
 ###########################################################
-# first, check for wget
-command -v wget >/dev/null 2>&1 || { echo >&2 "ERROR: wget is required, but doesn't appear to be installed. Aborting..."; exit 1; }
-
-
-case "$BUILD_ENV" in
-LINUX | linux)
- echo "Getting build files for a Linux container"
- wget -q -O ${TMP_DIR_D}.zip ${LINUX_BUILD_FILES_URL} > /dev/null
- unzip -o -d ${TMP_DIR_D} ${TMP_DIR_D}.zip > /dev/null 2>&1
- cp -rf ${TMP_DIR_D}/shib-idp-master/* /output
- ;;
-WINDOWS | windows)
- echo "Getting build files for a Windows container"
- wget -q -O ${TMP_DIR_D}.zip ${WINDOWS_BUILD_FILES_URL} > /dev/null
- unzip -o -d ${TMP_DIR_D} ${TMP_DIR_D}.zip > /dev/null 2>&1
- cp -rf ${TMP_DIR_D}/ShibbIdP_noVM_Windows-master/* /output
- ;;
-*)
- echo "Environment variable BUILD_ENV was not found or had an incorrect value (only LINUX|WINDOWS is supported). Terminating."
- exit 1
- ;;
-esac
-
-rm -f /output/configBuilder.sh > /dev/null 2>&1
-rm -f /output/setup.log > /dev/null 2>&1
-rm -f /output/README.md > /dev/null 2>&1
-rm -rf /output/shib-idp-master/*
-
-#grab copy of Dockerfile in working dir
-cp -f /output/Dockerfile .
+## first, check for wget
+#command -v wget >/dev/null 2>&1 || { echo >&2 "ERROR: wget is required, but doesn't appear to be installed. 
Aborting..."; exit 1; }
+#
+#
+#case "$BUILD_ENV" in
+#LINUX | linux)
+# echo "Getting build files for a Linux container"
+# wget -q -O ${TMP_DIR_D}.zip ${LINUX_BUILD_FILES_URL} > /dev/null
+# unzip -o -d ${TMP_DIR_D} ${TMP_DIR_D}.zip > /dev/null 2>&1
+# cp -rf ${TMP_DIR_D}/shib-idp-master/* /output
+# ;;
+#WINDOWS | windows)
+# echo "Getting build files for a Windows container"
+# wget -q -O ${TMP_DIR_D}.zip ${WINDOWS_BUILD_FILES_URL} > /dev/null
+# unzip -o -d ${TMP_DIR_D} ${TMP_DIR_D}.zip > /dev/null 2>&1
+# cp -rf ${TMP_DIR_D}/ShibbIdP_noVM_Windows-master/* /output
+# ;;
+#*)
+# echo "Environment variable BUILD_ENV was not found or had an incorrect value (only LINUX|WINDOWS is supported). Terminating."
+# exit 1
+# ;;
+#esac
+#
+#rm -f /output/configBuilder.sh > /dev/null 2>&1
+#rm -f /output/setup.log > /dev/null 2>&1
+#rm -f /output/README.md > /dev/null 2>&1
+#rm -rf /output/shib-idp-master/*
+#
+##grab copy of Dockerfile in working dir
+#cp -f /output/Dockerfile .
+##############################################################
 ##############################################################
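Review bot: Commenting out the `command -v wget` prerequisite check removes the only guard for wget, but the script still defines `TOM_CFG_URL` and later copies an unpacked `shib-idp-tomcat-config-master` tree (see the context of the next hunk), which suggests it still downloads that archive with wget; if so, keep the one-line check live, `command -v wget >/dev/null 2>&1 || { echo >&2 "ERROR: wget is required, but doesn't appear to be installed. Aborting..."; exit 1; }`, rather than commented. The roughly forty commented-out lines of the old BUILD_ENV/case logic should be deleted instead of kept — git history preserves them, and a wall of `#` lines makes it hard to see which code is live.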
@@ -131,40 +132,42 @@ cp -rf ${TMP_DIR_T}/shib-idp-tomcat-config-master/wwwroot/* ${TOMWWWROOT}
 #
 # Get Oracle license agreement from the user
 #
-echo ""
-echo "The Shibboleth IdP requires that you use Oracle Java. The Docker container "
-echo "should be configured to download it for you as part of the Docker image build "
-echo "process, but, before we proceed, you must agree to the Oracle Binary Code "
-echo "License Agreement for Java SE (\"Oracle License\"). Please review:"
-echo ""
-echo " http://www.oracle.com/technetwork/java/javase/terms/license/index.html"
-echo ""
-echo "By agreeing to the Oracle License, you acknowledge that Internet2 is not"
-echo "distributing the Java software and, to the extent an issue arises"
-echo "related to your use of Oracle Java in the TIER software package, you and"
-echo "Internet2 agree to hold each other harmless from any third party claims."
-echo ""${PWD}
+#echo ""
+#echo "The Shibboleth IdP requires that you use Oracle Java. The Docker container "
+#echo "should be configured to download it for you as part of the Docker image build "
+#echo "process, but, before we proceed, you must agree to the Oracle Binary Code "
+#echo "License Agreement for Java SE (\"Oracle License\"). Please review:"
+#echo ""
+#echo " http://www.oracle.com/technetwork/java/javase/terms/license/index.html"
+#echo ""
+#echo "By agreeing to the Oracle License, you acknowledge that Internet2 is not"
+#echo "distributing the Java software and, to the extent an issue arises"
+#echo "related to your use of Oracle Java in the TIER software package, you and"
+#echo "Internet2 agree to hold each other harmless from any third party claims."
+#echo ""${PWD}
 #
-while [ ${ORACLE_JAVA_APPROVAL} == "None" ]; do
- echo -n "Do you agree to the terms of the Oracle license [Yes/No]? 
" - read response - case $response in - Yes) - ORACLE_JAVA_APPROVAL=$response - ;; - No) - ORACLE_JAVA_APPROVAL=$response - ;; - *) - echo "Please respond with Yes or No" - esac -done -if [ ${ORACLE_JAVA_APPROVAL} != "Yes" ]; then - echo "" - echo "In order to use this implementation of the Shibboleth IdP, you must" - echo "use Oracle Java and thus agree to the terms of the Oracle license." - exit 0 -fi +#while [ ${ORACLE_JAVA_APPROVAL} == "None" ]; do +# echo -n "Do you agree to the terms of the Oracle license [Yes/No]? " +# read response +# case $response in +# Yes) +# ORACLE_JAVA_APPROVAL=$response +# ;; +# No) +# ORACLE_JAVA_APPROVAL=$response +# ;; +# *) +# echo "Please respond with Yes or No" +# esac +#done +#if [ ${ORACLE_JAVA_APPROVAL} != "Yes" ]; then +# echo "" +# echo "In order to use this implementation of the Shibboleth IdP, you must" +# echo "use Oracle Java and thus agree to the terms of the Oracle license." +# exit 0 +#fi + + # # Get the FQDN of the server # 
@@ -523,50 +526,49 @@ rm -f ${LDAP_PROP}.tmp5
 # adjust Dockerfile for java and for a burned-in config, if needed
 #
 #java first
-if test \! -f Dockerfile.dist; then
- cp Dockerfile Dockerfile.dist
-fi
-cat < docker_edit.sed
-s/^# ENV /ENV /
-s/^# RUN /RUN /
-s/^# yum/ yum/
-s/^# rm/ rm/
-s/^# alternatives/ alternatives/
-s/^# http/ http/
-s/^# \&\&/ \&\&/
-EOF
-rm -f Dockerfile
-sed -f docker_edit.sed Dockerfile.dist > Dockerfile
-rm -f docker_edit.sed
-
-
-if [ ${BURNMOUNT} == "burn" ] || [ ${BURNMOUNT} == "hybrid" ]; then
- echo "Configuring Docker for burned-in/hybrid configuration."
-
- mv -f Dockerfile Dockerfile.setup
- cat < docker_edit.sed
-s/^## ADD /ADD /
-/^VOLUME/,+10 s/^/#/
-EOF
- rm -f Dockerfile
- sed -f docker_edit.sed Dockerfile.setup > Dockerfile
- rm -f Dockerfile.setup
- rm -f docker_edit.sed
-
-fi
-
-if [ ${USESECRETS} == "YES" ] && [ ${BUILD_ENV} == "WINDOWS" ]; then
- echo "Configuring Dockerfile for use of secrets in a Windows container."
+#if test \! -f Dockerfile.dist; then
+# cp Dockerfile Dockerfile.dist
+#fi
+#cat < docker_edit.sed
+#s/^# ENV /ENV /
+#s/^# RUN /RUN /
+#s/^# yum/ yum/
+#s/^# rm/ rm/
+#s/^# alternatives/ alternatives/
+#s/^# http/ http/
+#s/^# \&\&/ \&\&/
+#EOF
+#rm -f Dockerfile
+#sed -f docker_edit.sed Dockerfile.dist > Dockerfile
+#rm -f docker_edit.sed
+
+#if [ ${BURNMOUNT} == "burn" ] || [ ${BURNMOUNT} == "hybrid" ]; then
+# echo "Configuring Docker for burned-in/hybrid configuration."
+#
+# mv -f Dockerfile Dockerfile.setup
+# cat < docker_edit.sed
+#s/^## ADD /ADD /
+#/^VOLUME/,+10 s/^/#/
+#EOF
+# rm -f Dockerfile
+# sed -f docker_edit.sed Dockerfile.setup > Dockerfile
+# rm -f Dockerfile.setup
+# rm -f docker_edit.sed
+#
+#fi
- mv -f Dockerfile Dockerfile.setup
- cat < docker_edit.sed
-s/^#!# RUN /RUN /
-EOF
- rm -f Dockerfile
- sed -f docker_edit.sed Dockerfile.setup > Dockerfile
- rm -f Dockerfile.setup
- rm -f docker_edit.sed
-fi
+#if [ ${USESECRETS} == "YES" ] && [ ${BUILD_ENV} == "WINDOWS" ]; then
+# echo "Configuring Dockerfile for use of secrets in a Windows container."
+#
+# mv -f Dockerfile Dockerfile.setup
+# cat < docker_edit.sed
+#s/^#!# RUN /RUN /
+#EOF
+# rm -f Dockerfile
+# sed -f docker_edit.sed Dockerfile.setup > Dockerfile
+# rm -f Dockerfile.setup
+# rm -f docker_edit.sed
+#fi
 # configure SSL keystore password in tomcat's config file:
 # conf/tomcat/server.xml replace: keystorePass="password"
@@ -579,6 +581,12 @@ fi
 sed "s#keystorePass=\"password\"#keystorePass=\"${STOREPWD}\"#" ${TOMCFG}/server.xml.dist > ${TOMCFG}/server.xml
+#
+# copy Dockerfile template
+#
+cp /Dockerfile.template ${PWD}/Dockerfile
+
+
 # if the user chose to use secrets, then generate a directory containing the config with secrets removed
 if [ ${USESECRETS} == "YES" ]; then
 echo ""
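Review bot: With the `BURNMOUNT` and `USESECRETS`/`BUILD_ENV` sed blocks commented out, those answers no longer influence the generated Dockerfile at all, yet `USESECRETS` is still evaluated a few lines later (`if [ ${USESECRETS} == "YES" ]` in the next hunk) and both variables are presumably still collected from the user earlier in the script. If dropping burn/hybrid and Windows-secrets support is intended, delete this commented block and the now-meaningless prompts so users are not asked for choices that are silently ignored; if not, the gating needs to be re-implemented against the new template. Note the `cat < docker_edit.sed` lines on both sides read as an input redirection rather than the heredoc their `EOF` terminator implies; that looks like rendering damage, but it is worth checking the live script once, since a stray `<` would make `cat` fail on a missing file.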
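Review bot: `cp /Dockerfile.template ${PWD}/Dockerfile` installs the template unconditionally, and that template `ADD`s `credentials/tomcat` and `credentials/shib-idp` into the image regardless of the `USESECRETS` answer checked two lines later, so a user who opted into secrets still gets the TLS and IdP private keys baked into image layers (unless the secrets-stripped directory generated below is what the build actually consumes, which is outside this hunk). Gate the credential lines on that choice when writing the Dockerfile, and quote `"${PWD}"` so a working directory with spaces does not break the copy. The old code also preserved a `Dockerfile.dist` copy, whereas this `cp` silently overwrites any Dockerfile already present in the working directory; a `-n` or an explicit existence check would avoid clobbering local edits.
```shell
# copy Dockerfile template; when secrets are in use, do not bake credentials into the image
if [ "${USESECRETS}" == "YES" ]; then
    sed -e '/^ADD \${TOMCERT} /s/^/#/' -e '/^ADD \${SHBCREDS} /s/^/#/' /Dockerfile.template > "${PWD}/Dockerfile"
else
    cp /Dockerfile.template "${PWD}/Dockerfile"
fi
# … unchanged: secrets-stripped config directory generation …
```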