From 6d2c85ae4449d8fd80b177b3a891381d67539c7d Mon Sep 17 00:00:00 2001 From: Jim Van Fleet Date: Wed, 13 Jul 2016 10:07:40 -0400 Subject: [PATCH 1/9] Attempt a secure connection to an InCommon SSL site --- tests/base.bats | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/base.bats b/tests/base.bats index 1ede21d..8dbcf2a 100644 --- a/tests/base.bats +++ b/tests/base.bats @@ -1,6 +1,6 @@ #!/usr/bin/env bats -@test "addition using bc" { - result="$(echo 2+2 | bc)" - [ "$result" -eq 4 ] +@test "curl should connect to InCommon cert chain site successfully" { + run "docker run -it tier/centos7base curl https://github.internet2.edu/" + [ "$status" -eq 0 ] } \ No newline at end of file From e9460cdf2b5996b9da747bff0ecfc8524c0b776b Mon Sep 17 00:00:00 2001 From: Chris Bynum Date: Fri, 29 Jul 2016 12:23:30 -0400 Subject: [PATCH 2/9] Adding and installing trusted certs --- Dockerfile | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 88735c9..56812fb 100644 --- a/Dockerfile +++ b/Dockerfile @@ -15,10 +15,15 @@ LABEL Build docker build --rm --tag $maintainer/$imagename . # Install base deps RUN yum -y install epel-release && yum -y update && yum clean all -RUN yum -y install --setopt=tsflags=nodocs epel-release && \ +RUN yum -y install --setopt=tsflags=nodocs epel-release && \ yum -y install net-tools wget curl tar unzip mlocate logrotate strace telnet man unzip vim wget rsyslog cron \ yum -y update && yum clean all +# Install Trusted Certificates +RUN update-ca-trust force-enable +ADD ./cert/InCommon.crt /etc/pki/ca-trust/source/anchors/ +RUN update-ca-trust extract + # Set default environment variables. ENV HOME /root From 3abbdbf6a7d41cb4aceb525239a97d9cfe4e7dd6 Mon Sep 17 00:00:00 2001 
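Review bot: In the Dockerfile hunk, `ADD ./cert/InCommon.crt /etc/pki/ca-trust/source/anchors/` makes every certificate in that file a trusted CA for all TLS clients in the image, and nothing in the build records or checks which file that is supposed to be. The bundle added in [PATCH 3/9] appears to contain three certificates rather than one, so it is worth anchoring only what is required and documenting provenance next to the step, e.g. `# InCommon.crt SHA-256: <EXPECTED_SHA256_PLACEHOLDER>, compare with the CA's published value before replacing`. `COPY ./cert/InCommon.crt /etc/pki/ca-trust/source/anchors/` is the better instruction for a local file, since `ADD` also accepts URLs and unpacks archives. Separately, the unchanged context line ending in `cron \` has no `&&` before `yum -y update`, so those words are probably passed to `yum install` as package names and the update never runs.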
From: Chris Bynum Date: Fri, 29 Jul 2016 12:23:52 -0400 Subject: [PATCH 3/9] Added InCommon cert --- cert/InCommon.crt | 91 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 91 insertions(+) create mode 100644 cert/InCommon.crt diff --git a/cert/InCommon.crt b/cert/InCommon.crt new file mode 100644 index 0000000..edcc20e --- /dev/null +++ b/cert/InCommon.crt 
@@ -0,0 +1,91 @@ +-----BEGIN CERTIFICATE----- +MIIF+TCCA+GgAwIBAgIQRyDQ+oVGGn4XoWQCkYRjdDANBgkqhkiG9w0BAQwFADCB +iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl +cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV +BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTQx +MDA2MDAwMDAwWhcNMjQxMDA1MjM1OTU5WjB2MQswCQYDVQQGEwJVUzELMAkGA1UE +CBMCTUkxEjAQBgNVBAcTCUFubiBBcmJvcjESMBAGA1UEChMJSW50ZXJuZXQyMREw +DwYDVQQLEwhJbkNvbW1vbjEfMB0GA1UEAxMWSW5Db21tb24gUlNBIFNlcnZlciBD +QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJwb8bsvf2MYFVFRVA+e +xU5NEFj6MJsXKZDmMwysE1N8VJG06thum4ltuzM+j9INpun5uukNDBqeso7JcC7v +HgV9lestjaKpTbOc5/MZNrun8XzmCB5hJ0R6lvSoNNviQsil2zfVtefkQnI/tBPP +iwckRR6MkYNGuQmm/BijBgLsNI0yZpUn6uGX6Ns1oytW61fo8BBZ321wDGZq0GTl +qKOYMa0dYtX6kuOaQ80tNfvZnjNbRX3EhigsZhLI2w8ZMA0/6fDqSl5AB8f2IHpT +eIFken5FahZv9JNYyWL7KSd9oX8hzudPR9aKVuDjZvjs3YncJowZaDuNi+L7RyML +fzcCAwEAAaOCAW4wggFqMB8GA1UdIwQYMBaAFFN5v1qqK0rPVIDh2JvAnfKyA2bL +MB0GA1UdDgQWBBQeBaN3j2yW4luHS6a0hqxxAAznODAOBgNVHQ8BAf8EBAMCAYYw +EgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH +AwIwGwYDVR0gBBQwEjAGBgRVHSAAMAgGBmeBDAECAjBQBgNVHR8ESTBHMEWgQ6BB +hj9odHRwOi8vY3JsLnVzZXJ0cnVzdC5jb20vVVNFUlRydXN0UlNBQ2VydGlmaWNh +dGlvbkF1dGhvcml0eS5jcmwwdgYIKwYBBQUHAQEEajBoMD8GCCsGAQUFBzAChjNo +dHRwOi8vY3J0LnVzZXJ0cnVzdC5jb20vVVNFUlRydXN0UlNBQWRkVHJ1c3RDQS5j +cnQwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZI +hvcNAQEMBQADggIBAC0RBjjW29dYaK+qOGcXjeIT16MUJNkGE+vrkS/fT2ctyNMU +11ZlUp5uH5gIjppIG8GLWZqjV5vbhvhZQPwZsHURKsISNrqOcooGTie3jVgU0W+0 ++Wj8mN2knCVANt69F2YrA394gbGAdJ5fOrQmL2pIhDY0jqco74fzYefbZ/VS29fR +5jBxu4uj1P+5ZImem4Gbj1e4ZEzVBhmO55GFfBjRidj26h1oFBHZ7heDH1Bjzw72 +hipu47Gkyfr2NEx3KoCGMLCj3Btx7ASn5Ji8FoU+hCazwOU1VX55mKPU1I2250Lo +RCASN18JyfsD5PVldJbtyrmz9gn/TKbRXTr80U2q5JhyvjhLf4lOJo/UzL5WCXED +Smyj4jWG3R7Z8TED9xNNCxGBMXnMete+3PvzdhssvbORDwBZByogQ9xL2LUZFI/i +eoQp0UM/L8zfP527vWjEzuDN5xwxMnhi+vCToh7J159o5ah29mP+aJnvujbXEnGa 
+nrNxHzu+AGOePV8hwrGGG7hOIcPDQwkuYwzN/xT29iLp/cqf9ZhEtkGcQcIImH3b +oJ8ifsCnSbu0GB9L06Yqh7lcyvKDTEADslIaeSEINxhO2Y1fmcYFX/Fqrrp1WnhH +OjplXuXE0OPa0utaKC25Aplgom88L2Z8mEWcyfoB7zKOfD759AN7JKZWCYwk +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFdzCCBF+gAwIBAgIQE+oocFv07O0MNmMJgGFDNjANBgkqhkiG9w0BAQwFADBv +MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk +ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF +eHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFow +gYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtK +ZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYD +VQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgBJlFzYOw9sIs9CsVw127c0n00yt +UINh4qogTQktZAnczomfzD2p7PbPwdzx07HWezcoEStH2jnGvDoZtF+mvX2do2NC +tnbyqTsrkfjib9DsFiCQCT7i6HTJGLSR1GJk23+jBvGIGGqQIjy8/hPwhxR79uQf +jtTkUcYRZ0YIUcuGFFQ/vDP+fmyc/xadGL1RjjWmp2bIcmfbIWax1Jt4A8BQOujM +8Ny8nkz+rwWWNR9XWrf/zvk9tyy29lTdyOcSOk2uTIq3XJq0tyA9yn8iNK5+O2hm +AUTnAU5GU5szYPeUvlM3kHND8zLDU+/bqv50TmnHa4xgk97Exwzf4TKuzJM7UXiV +Z4vuPVb+DNBpDxsP8yUmazNt925H+nND5X4OpWaxKXwyhGNVicQNwZNUMBkTrNN9 +N6frXTpsNVzbQdcS2qlJC9/YgIoJk2KOtWbPJYjNhLixP6Q5D9kCnusSTJV882sF +qV4Wg8y4Z+LoE53MW4LTTLPtW//e5XOsIzstAL81VXQJSdhJWBp/kjbmUZIO8yZ9 +HE0XvMnsQybQv0FfQKlERPSZ51eHnlAfV1SoPv10Yy+xUGUJ5lhCLkMaTLTwJUdZ ++gQek9QmRkpQgbLevni3/GcV4clXhB4PY9bpYrrWX1Uu6lzGKAgEJTm4Diup8kyX +HAc/DVL17e8vgg8CAwEAAaOB9DCB8TAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTv +A73gJMtUGjAdBgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/ +BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAGBgRVHSAAMEQGA1Ud +HwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4 +dGVybmFsQ0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0 +dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEMBQADggEBAJNl9jeD +lQ9ew4IcH9Z35zyKwKoJ8OkLJvHgwmp1ocd5yblSYMgpEg7wrQPWCcR23+WmgZWn +RtqCV6mVksW2jwMibDN3wXsyF24HzloUQToFJBv2FAY7qCUkDrvMKnXduXBBP3zQ 
+YzYhBx9G/2CkkeFnvN4ffhkUyWNnkepnB2u0j4vAbkN9w6GAbLIevFOFfdyQoaS8 +Le9Gclc1Bb+7RrtubTeZtv8jkpHGbkD4jylW6l/VXxRTrPBPYer3IsynVgviuDQf +Jtl7GQVoP7o81DgGotPmjw7jtHFtQELFhLRAlSv0ZaBIefYdgWOWnU914Ph85I6p +0fKtirOMxyHNwu8= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU +MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs +IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290 +MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux +FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h +bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt +H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9 +uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX +mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX +a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN +E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0 +WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD +VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0 +Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU +cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx +IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN +AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH +YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5 +6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC +Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX +c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a +mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ= +-----END CERTIFICATE----- \ No newline at end of file From 280ddaf44852963d85cfdd4b2808988a81efc28a Mon Sep 17 00:00:00 2001 
From: Chris Bynum Date: Fri, 29 Jul 2016 12:24:12 -0400 Subject: [PATCH 4/9] Force image removal --- cleanup_and_stop.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/cleanup_and_stop.sh b/cleanup_and_stop.sh index 38eae72..02bf4c3 100755 --- a/cleanup_and_stop.sh +++ b/cleanup_and_stop.sh @@ -3,7 +3,6 @@ source common.sh . echo "Cleaning up Docker image($maintainer/$imagename)" -docker rmi $maintainer/$imagename >> /dev/null +docker rmi -f $maintainer/$imagename >> /dev/null exit 0 - From 835cd037ea70c4960382492650c1a460c5fb7df5 Mon Sep 17 00:00:00 2001 From: Chris Bynum Date: Fri, 29 Jul 2016 12:24:59 -0400 Subject: [PATCH 5/9] Test for working connection with InCommon cert chain --- tests/base.bats | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/base.bats b/tests/base.bats index 8dbcf2a..823e9cd 100644 --- a/tests/base.bats +++ b/tests/base.bats @@ -1,6 +1,8 @@ #!/usr/bin/env bats @test "curl should connect to InCommon cert chain site successfully" { - run "docker run -it tier/centos7base curl https://github.internet2.edu/" + run docker run -it tier/centos7base curl -o /dev/null --silent --head --write-out '%{http_code}\n' https://github.internet2.edu/ + echo ${output} [ "$status" -eq 0 ] -} \ No newline at end of file + [[ ${output} == *"302"* || ${output} == *"200"* ]] +} From 9f2ada5c38b0d228d5350bc7eadb5ac119c12105 Mon Sep 17 00:00:00 2001 From: Chris Bynum Date: Fri, 29 Jul 2016 14:28:59 -0400 Subject: [PATCH 6/9] Removed tty --- tests/base.bats | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/base.bats b/tests/base.bats index 823e9cd..5ed7294 100644 --- a/tests/base.bats +++ b/tests/base.bats 
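Review bot: `docker rmi -f $maintainer/$imagename` expands both variables unquoted and unchecked, so if the settings file fails to load the command is run against the bare reference `/`, and the unconditional `exit 0` that follows hides any failure from the caller. `docker rmi -f "${maintainer:?}/${imagename:?}" > /dev/null` aborts with a message when either name is empty. The hunk's context shows `source common.sh`, while this series defines the variables in `common.bash`, so it is worth confirming the script reads the file that actually sets them. The same unquoted `$maintainer/$imagename` appears in the [PATCH 9/9] hunk for tests/base.bats; the script itself begins above this hunk.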
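Review bot: The `docker run` in this test has no `--rm`, so every test run leaves a stopped container that still references the image, which is probably why the cleanup script needed `docker rmi -f` in the previous patch. `run docker run --rm -i ...` removes the container when curl exits; the same line recurs in the [PATCH 6/9] and [PATCH 9/9] hunks. `echo ${output}` should be quoted as `echo "${output}"` so the captured text is printed unchanged. The `*"302"*` and `*"200"*` checks match those digits anywhere in the output, so comparing the reported status code exactly would make the assertion tighter.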
@@ -1,7 +1,7 @@ #!/usr/bin/env bats @test "curl should connect to InCommon cert chain site successfully" { - run docker run -it tier/centos7base curl -o /dev/null --silent --head --write-out '%{http_code}\n' https://github.internet2.edu/ + run docker run -i tier/centos7base curl -o /dev/null --silent --head --write-out '%{http_code}\n' https://github.internet2.edu/ echo ${output} [ "$status" -eq 0 ] [[ ${output} == *"302"* || ${output} == *"200"* ]] From 2bf82b69c3cf98c18b03b2d6d28cb21e87c37a37 Mon Sep 17 00:00:00 2001 From: Chris Bynum Date: Tue, 2 Aug 2016 10:52:30 -0400 Subject: [PATCH 7/9] Added template files from util project. --- .gitignore | 7 +++++++ BINSCRIPTS.md | 41 +++++++++++++++++++++++++++++++++++++++++ common.bash | 2 ++ 3 files changed, 50 insertions(+) create mode 100644 .gitignore create mode 100644 BINSCRIPTS.md create mode 100644 common.bash diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..7323a01 --- /dev/null +++ b/.gitignore @@ -0,0 +1,7 @@ +bin/build.sh +bin/destroy.sh +bin/install.sh +bin/rebuild.sh +bin/rerun.sh +bin/run.sh +bin/test.sh diff --git a/BINSCRIPTS.md b/BINSCRIPTS.md new file mode 100644 index 0000000..8569b7d --- /dev/null +++ b/BINSCRIPTS.md 
@@ -0,0 +1,41 @@ +# util + +This repository is intended to be downloaded into a container repository during development for convenience purposes. Since the major mechanisms of developing to the Docker container construction lifecycle are identical across container images, this repository allows for consistency and additional ease of use across all container images. + +## Install + +If you are reading this file in BINSCRIPTS.md, your container project is likely to be util-enabled. + +To use these scripts yourself, issue this command: + +``` +curl "https://github.internet2.edu/raw/docker/util/master/bin/install.sh?token=AAAAEddkrL9MeeA6VWcNn_PgV30r4lD1ks5XogeiwA%3D%3D" | bash +``` + +### common.bash + +The installation process will create a common.bash file. This file should be the central, canonical authority for management of environment variables. While a subprocess may override them, the files in common.bash should be treated as authoritative defaults. Processes (e.g. `docker build`, `bats`, inside `Jenkinsfile`) can read this file and process the results therein. + +You should edit this file to change the image name, and add any other helpful environment variables. + +### Jenkinsfile + +This will also install a Jenkinsfile to your repository, if it doesn't have one. This will ensure that your Jenkins pipeline can leverage these scripts in the way intended. Ensuring the commands that you issue on your laptop match the commands issued by the build pipeline is critical to ensure predictable, reliable results. + +## Use + + +### Building + +#### build.sh +`bin/build.sh ` +#### destroy.sh +#### rebuild.sh + +### Running +### rerun.sh +### run.sh + + +### Testing +#### test.sh \ No newline at end of file diff --git a/common.bash b/common.bash new file mode 100644 index 0000000..96e0143 --- /dev/null +++ b/common.bash @@ -0,0 +1,2 @@ +maintainer="tier" +imagename="imagename-replaceme-in-common-bash" \ No newline at end of file 
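Review bot: The install command in the `## Install` section carries a `token=` query parameter in the raw-file URL, which commits what looks like an access credential to the repository history. It should be revoked, and the documented command should not contain one, for example by pointing readers at an authenticated clone of the util repository instead. Piping the download straight into `bash` also executes whatever the server returns without any chance to inspect it; documenting a download, review, then run sequence such as `curl -fsSL -o install.sh <INSTALL_URL_PLACEHOLDER>` followed by `bash install.sh`, ideally with a published checksum, would be safer.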
From 8af0dcb51a9d347690efd70632edc5bbb31b2a92 Mon Sep 17 00:00:00 2001 From: Chris Bynum Date: Tue, 2 Aug 2016 10:55:15 -0400 Subject: [PATCH 8/9] Added centos7base as imagename --- common.bash | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common.bash b/common.bash index 96e0143..960ef7d 100644 --- a/common.bash +++ b/common.bash @@ -1,2 +1,2 @@ maintainer="tier" -imagename="imagename-replaceme-in-common-bash" \ No newline at end of file +imagename="centos7base" From 4021f8348250779ee76123a6d117c018f942b5a0 Mon Sep 17 00:00:00 2001 From: Chris Bynum Date: Tue, 2 Aug 2016 10:55:50 -0400 Subject: [PATCH 9/9] Using common variables in script --- tests/base.bats | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/base.bats b/tests/base.bats index 5ed7294..157f53a 100644 --- a/tests/base.bats +++ b/tests/base.bats @@ -1,7 +1,9 @@ #!/usr/bin/env bats +load ../common + @test "curl should connect to InCommon cert chain site successfully" { - run docker run -i tier/centos7base curl -o /dev/null --silent --head --write-out '%{http_code}\n' https://github.internet2.edu/ + run docker run -i $maintainer/$imagename curl -o /dev/null --silent --head --write-out '%{http_code}\n' https://github.internet2.edu/ echo ${output} [ "$status" -eq 0 ] [[ ${output} == *"302"* || ${output} == *"200"* ]]