mods for using upstream container

Dockerfile

@@ -5,19 +5,25 @@ RUN rm -fr /var/cache/yum/* && yum clean all && yum -y install --setopt=tsflags=
     yum -y install wget zip unzip rsync openssl && \
     yum -y clean all
 
-#download/install JRE
-ENV JAVA_HOME /usr/java/latest
+#download/install Java
+ENV JAVA_HOME /usr
 
-RUN wget -nv --no-cookies --no-check-certificate "http://javadl.oracle.com/webapps/download/AutoDL?BundleId=233161_512cd62ec5174c3487ac17c61aaa89e8" -O /tmp/jre-8u171-linux-x64.rpm && \
-     yum -y install /tmp/jre-8u171-linux-x64.rpm && \
-     rm -f /tmp/jre-8u171-linux-x64.rpm && \
-     alternatives --install /usr/bin/java jar $JAVA_HOME/bin/java 200000 && \
-     alternatives --install /usr/bin/javaws javaws $JAVA_HOME/bin/javaws 200000 && \
-     alternatives --install /usr/bin/javac javac $JAVA_HOME/bin/javac 200000
+# Install Zulu Java
+RUN rpm --import http://repos.azulsystems.com/RPM-GPG-KEY-azulsystems \
+        && curl -o /etc/yum.repos.d/zulu.repo http://repos.azulsystems.com/rhel/zulu.repo \
+        && yum -y install zulu-8 && alternatives --install /usr/bin/java java $JAVA_HOME/bin/java 200000
+
+#RUN wget -nv --no-cookies --no-check-certificate "http://javadl.oracle.com/webapps/download/AutoDL?BundleId=233161_512cd62ec5174c3487ac17c61aaa89e8" -O /tmp/jre-8u171-linux-x64.rpm && \
+#     yum -y install /tmp/jre-8u171-linux-x64.rpm && \
+#     rm -f /tmp/jre-8u171-linux-x64.rpm && \
+#     alternatives --install /usr/bin/java jar $JAVA_HOME/bin/java 200000 && \
+#     alternatives --install /usr/bin/javaws javaws $JAVA_HOME/bin/javaws 200000 && \
+#     alternatives --install /usr/bin/javac javac $JAVA_HOME/bin/javac 200000
 
 #copy files
 RUN mkdir -p /output && mkdir -p /scriptrun
 COPY configBuilder.sh /scriptrun
+COPY Dockerfile.template /
 RUN chmod 755 /scriptrun/configBuilder.sh
 
 CMD /scriptrun/configBuilder.sh

Dockerfile.template

@@ -0,0 +1,25 @@
+FROM tier/shib-idp:newJavaTomcat
+
+# The build args below can be used at build-time to tell the build process where to find your config files.  This is for a completely burned-in config.
+ARG TOMCFG=config/tomcat
+ARG TOMCERT=credentials/tomcat
+ARG TOMWWWROOT=wwwroot
+ARG SHBCFG=config/shib-idp/conf
+ARG SHBCREDS=credentials/shib-idp
+ARG SHBVIEWS=config/shib-idp/views
+ARG SHBEDWAPP=config/shib-idp/edit-webapp
+ARG SHBMSGS=config/shib-idp/messages
+ARG SHBMD=config/shib-idp/metadata
+
+# copy in the needed config files
+ADD ${TOMCFG} /usr/local/tomcat/conf
+ADD ${TOMCERT} /opt/certs
+ADD ${TOMWWWROOT} /usr/local/tomcat/webapps/ROOT
+ADD ${SHBCFG} /opt/shibboleth-idp/conf
+ADD ${SHBCREDS} /opt/shibboleth-idp/credentials
+ADD ${SHBVIEWS} /opt/shibboleth-idp/views
+ADD ${SHBEDWAPP} /opt/shibboleth-idp/edit-webapp
+ADD ${SHBMSGS} /opt/shibboleth-idp/messages
+ADD ${SHBMD} /opt/shibboleth-idp/metadata
+
+

configBuilder.sh

@@ -12,13 +12,13 @@ TOM_CFG_URL=https://github.internet2.edu/docker/shib-idp-tomcat-config/archive/m
 TMP_DIR_S=/tmp/3.3release
 TMP_DIR_T=/tmp/tomcfg
 TMP_DIR_D=/tmp/buildfiles
-LINUX_BUILD_FILES_URL=https://github.internet2.edu/docker/shib-idp/archive/master.zip
-WINDOWS_BUILD_FILES_URL=https://github.internet2.edu/docker/ShibbIdP_noVM_Windows/archive/master.zip
+#LINUX_BUILD_FILES_URL=https://github.internet2.edu/docker/shib-idp/archive/master.zip
+#WINDOWS_BUILD_FILES_URL=https://github.internet2.edu/docker/ShibbIdP_noVM_Windows/archive/master.zip
 
 
 # default directories
 TOMCFG=config/tomcat
-TOMLOG=logs/tomcat
+#TOMLOG=logs/tomcat
 TOMCERT=credentials/tomcat
 TOMWWWROOT=wwwroot
 SHBCFG=config/shib-idp/conf
@@ -27,7 +27,7 @@ SHBVIEWS=config/shib-idp/views
 SHBEDWAPP=config/shib-idp/edit-webapp
 SHBMSGS=config/shib-idp/messages
 SHBMD=config/shib-idp/metadata
-SHBLOG=logs/shib-idp
+#SHBLOG=logs/shib-idp
 
 # logs
 LOGFILE=${PWD}/setup.log
@@ -50,7 +50,7 @@ USESECRETS=None
 ### ensure directory structure ###
 ##################################
 mkdir -p config/tomcat
-mkdir -p logs/tomcat
+#mkdir -p logs/tomcat
 mkdir -p credentials/tomcat
 mkdir -p wwwroot
 mkdir -p config/shib-idp/conf
@@ -59,42 +59,43 @@ mkdir -p config/shib-idp/views
 mkdir -p config/shib-idp/edit-webapp
 mkdir -p config/shib-idp/messages
 mkdir -p config/shib-idp/metadata
-mkdir -p logs/shib-idp
+#mkdir -p logs/shib-idp
 
 
 ###########################################################
 ### grab the docker build files, depending on OS choice ###
 ###########################################################
-# first, check for wget
-command -v wget >/dev/null 2>&1 || { echo >&2 "ERROR: wget is required, but doesn't appear to be installed.  Aborting..."; exit 1; }
-
-
-case "$BUILD_ENV" in
-LINUX | linux)
-    echo "Getting build files for a Linux container"
-    wget -q -O ${TMP_DIR_D}.zip ${LINUX_BUILD_FILES_URL}  > /dev/null
-    unzip -o -d ${TMP_DIR_D} ${TMP_DIR_D}.zip > /dev/null 2>&1
-    cp -rf ${TMP_DIR_D}/shib-idp-master/* /output
-    ;;
-WINDOWS | windows)
-    echo "Getting build files for a Windows container"
-    wget -q -O ${TMP_DIR_D}.zip ${WINDOWS_BUILD_FILES_URL}  > /dev/null
-    unzip -o -d ${TMP_DIR_D} ${TMP_DIR_D}.zip > /dev/null 2>&1
-    cp -rf ${TMP_DIR_D}/ShibbIdP_noVM_Windows-master/* /output
-    ;;
-*)
-    echo "Environment variable BUILD_ENV was not found or had an incorrect value (only LINUX|WINDOWS is supported).  Terminating."
-    exit 1
-    ;;
-esac
-
-rm -f /output/configBuilder.sh > /dev/null 2>&1
-rm -f /output/setup.log > /dev/null 2>&1
-rm -f /output/README.md > /dev/null 2>&1
-rm -rf /output/shib-idp-master/*
-
-#grab copy of Dockerfile in working dir
-cp -f /output/Dockerfile .
+## first, check for wget
+#command -v wget >/dev/null 2>&1 || { echo >&2 "ERROR: wget is required, but doesn't appear to be installed.  Aborting..."; exit 1; }
+#
+#
+#case "$BUILD_ENV" in
+#LINUX | linux)
+#    echo "Getting build files for a Linux container"
+#    wget -q -O ${TMP_DIR_D}.zip ${LINUX_BUILD_FILES_URL}  > /dev/null
+#    unzip -o -d ${TMP_DIR_D} ${TMP_DIR_D}.zip > /dev/null 2>&1
+#    cp -rf ${TMP_DIR_D}/shib-idp-master/* /output
+#    ;;
+#WINDOWS | windows)
+#    echo "Getting build files for a Windows container"
+#    wget -q -O ${TMP_DIR_D}.zip ${WINDOWS_BUILD_FILES_URL}  > /dev/null
+#    unzip -o -d ${TMP_DIR_D} ${TMP_DIR_D}.zip > /dev/null 2>&1
+#    cp -rf ${TMP_DIR_D}/ShibbIdP_noVM_Windows-master/* /output
+#    ;;
+#*)
+#    echo "Environment variable BUILD_ENV was not found or had an incorrect value (only LINUX|WINDOWS is supported).  Terminating."
+#    exit 1
+#    ;;
+#esac
+#
+#rm -f /output/configBuilder.sh > /dev/null 2>&1
+#rm -f /output/setup.log > /dev/null 2>&1
+#rm -f /output/README.md > /dev/null 2>&1
+#rm -rf /output/shib-idp-master/*
+#
+##grab copy of Dockerfile in working dir
+#cp -f /output/Dockerfile .
+##############################################################
 
 
 ##############################################################
@@ -131,40 +132,42 @@ cp -rf ${TMP_DIR_T}/shib-idp-tomcat-config-master/wwwroot/* ${TOMWWWROOT}
 #
 # Get Oracle license agreement from the user
 #
-echo ""
-echo "The Shibboleth IdP requires that you use Oracle Java.  The Docker container "
-echo "should be configured to download it for you as part of the Docker image build "
-echo "process, but, before we proceed, you must agree to the Oracle Binary Code "
-echo "License Agreement for Java SE (\"Oracle License\").  Please review:"
-echo ""
-echo "  http://www.oracle.com/technetwork/java/javase/terms/license/index.html"
-echo ""
-echo "By agreeing to the Oracle License, you acknowledge that Internet2 is not"
-echo "distributing the Java software and, to the extent an issue arises"
-echo "related to your use of Oracle Java in the TIER software package, you and"
-echo "Internet2 agree to hold each other harmless from any third party claims."
-echo ""${PWD}
+#echo ""
+#echo "The Shibboleth IdP requires that you use Oracle Java.  The Docker container "
+#echo "should be configured to download it for you as part of the Docker image build "
+#echo "process, but, before we proceed, you must agree to the Oracle Binary Code "
+#echo "License Agreement for Java SE (\"Oracle License\").  Please review:"
+#echo ""
+#echo "  http://www.oracle.com/technetwork/java/javase/terms/license/index.html"
+#echo ""
+#echo "By agreeing to the Oracle License, you acknowledge that Internet2 is not"
+#echo "distributing the Java software and, to the extent an issue arises"
+#echo "related to your use of Oracle Java in the TIER software package, you and"
+#echo "Internet2 agree to hold each other harmless from any third party claims."
+#echo ""${PWD}
 #
-while [ ${ORACLE_JAVA_APPROVAL} == "None" ]; do
-    echo -n "Do you agree to the terms of the Oracle license [Yes/No]? "
-    read response
-    case $response in
-        Yes)
-            ORACLE_JAVA_APPROVAL=$response
-            ;;
-        No)
-            ORACLE_JAVA_APPROVAL=$response
-            ;;
-        *)
-            echo "Please respond with Yes or No"
-    esac
-done
-if [ ${ORACLE_JAVA_APPROVAL} != "Yes" ]; then
-    echo ""
-    echo "In order to use this implementation of the Shibboleth IdP, you must"
-    echo "use Oracle Java and thus agree to the terms of the Oracle license."
-    exit 0
-fi
+#while [ ${ORACLE_JAVA_APPROVAL} == "None" ]; do
+#    echo -n "Do you agree to the terms of the Oracle license [Yes/No]? "
+#    read response
+#    case $response in
+#        Yes)
+#            ORACLE_JAVA_APPROVAL=$response
+#            ;;
+#        No)
+#            ORACLE_JAVA_APPROVAL=$response
+#            ;;
+#        *)
+#            echo "Please respond with Yes or No"
+#    esac
+#done
+#if [ ${ORACLE_JAVA_APPROVAL} != "Yes" ]; then
+#    echo ""
+#    echo "In order to use this implementation of the Shibboleth IdP, you must"
+#    echo "use Oracle Java and thus agree to the terms of the Oracle license."
+#    exit 0
+#fi
+
+
 #
 # Get the FQDN of the server
 #
@@ -523,50 +526,49 @@ rm -f ${LDAP_PROP}.tmp5
 # adjust Dockerfile for java and for a burned-in config, if needed
 #
 #java first
-if test \! -f Dockerfile.dist; then
-    cp Dockerfile Dockerfile.dist
-fi
-cat <<EOF > docker_edit.sed
-s/^# ENV /ENV /
-s/^# RUN /RUN /
-s/^#     yum/     yum/
-s/^#     rm/     rm/
-s/^#     alternatives/     alternatives/
-s/^#     http/     http/
-s/^#     \&\&/     \&\&/
-EOF
-rm -f Dockerfile
-sed -f docker_edit.sed Dockerfile.dist > Dockerfile
-rm -f docker_edit.sed
-
-
-if [ ${BURNMOUNT} == "burn" ] || [ ${BURNMOUNT} == "hybrid" ]; then
-  echo "Configuring Docker for burned-in/hybrid configuration."
-
-  mv -f Dockerfile Dockerfile.setup
-  cat <<EOF > docker_edit.sed
-s/^## ADD /ADD /
-/^VOLUME/,+10 s/^/#/
-EOF
-  rm -f Dockerfile
-  sed -f docker_edit.sed Dockerfile.setup > Dockerfile
-  rm -f Dockerfile.setup
-  rm -f docker_edit.sed
-
-fi
-
-if [ ${USESECRETS} == "YES" ] && [ ${BUILD_ENV} == "WINDOWS" ]; then
-  echo "Configuring Dockerfile for use of secrets in a Windows container."
+#if test \! -f Dockerfile.dist; then
+#    cp Dockerfile Dockerfile.dist
+#fi
+#cat <<EOF > docker_edit.sed
+#s/^# ENV /ENV /
+#s/^# RUN /RUN /
+#s/^#     yum/     yum/
+#s/^#     rm/     rm/
+#s/^#     alternatives/     alternatives/
+#s/^#     http/     http/
+#s/^#     \&\&/     \&\&/
+#EOF
+#rm -f Dockerfile
+#sed -f docker_edit.sed Dockerfile.dist > Dockerfile
+#rm -f docker_edit.sed
+
+#if [ ${BURNMOUNT} == "burn" ] || [ ${BURNMOUNT} == "hybrid" ]; then
+#  echo "Configuring Docker for burned-in/hybrid configuration."
+#
+#  mv -f Dockerfile Dockerfile.setup
+#  cat <<EOF > docker_edit.sed
+#s/^## ADD /ADD /
+#/^VOLUME/,+10 s/^/#/
+#EOF
+#  rm -f Dockerfile
+#  sed -f docker_edit.sed Dockerfile.setup > Dockerfile
+#  rm -f Dockerfile.setup
+#  rm -f docker_edit.sed
+#
+#fi
 
-  mv -f Dockerfile Dockerfile.setup
-  cat <<EOF > docker_edit.sed
-s/^#!# RUN /RUN /
-EOF
-  rm -f Dockerfile
-  sed -f docker_edit.sed Dockerfile.setup > Dockerfile
-  rm -f Dockerfile.setup
-  rm -f docker_edit.sed
-fi
+#if [ ${USESECRETS} == "YES" ] && [ ${BUILD_ENV} == "WINDOWS" ]; then
+#  echo "Configuring Dockerfile for use of secrets in a Windows container."
+#
+#  mv -f Dockerfile Dockerfile.setup
+#  cat <<EOF > docker_edit.sed
+#s/^#!# RUN /RUN /
+#EOF
+#  rm -f Dockerfile
+#  sed -f docker_edit.sed Dockerfile.setup > Dockerfile
+#  rm -f Dockerfile.setup
+#  rm -f docker_edit.sed
+#fi
 
 # configure SSL keystore password in tomcat's config file: 
 #    conf/tomcat/server.xml replace: keystorePass="password"
@@ -579,6 +581,12 @@ fi
 sed "s#keystorePass=\"password\"#keystorePass=\"${STOREPWD}\"#" ${TOMCFG}/server.xml.dist > ${TOMCFG}/server.xml
 
 
+#
+# copy Dockerfile template
+#
+cp /Dockerfile.template ${PWD}/Dockerfile
+
+
 # if the user chose to use secrets, then generate a directory containing the config with secrets removed
 if [ ${USESECRETS} == "YES" ]; then
  echo ""