diff --git a/Dockerfile b/Dockerfile index f289a96..bbaed60 100644 --- a/Dockerfile +++ b/Dockerfile @@ -16,91 +16,96 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -FROM centos:centos7 AS php-build +FROM php:7.3.6-apache-stretch -ARG PHP_VERSION=7.3.6 -ARG PHP_SRC_URL=https://github.com/php/php-src/archive/php-${PHP_VERSION}.tar.gz +# Official PHP image with Apache HTTPD includes +# --with-openssl +# --with-mbstring +# but xls, pdo, pdo_mysql, pdo_pgsql, mysqli, pgsql, +# and ldap extensions must be built. +RUN apt-get update && apt-get install -y \ + libldap-2.4-2 \ + libldap2-dev \ + libmariadbclient18 \ + libmariadbclient-dev \ + libpq-dev \ + libxml2 \ + libxslt1-dev \ + libxslt1.1 \ + ssl-cert \ + wget \ + zlib1g \ + libpcre3-dev \ + && docker-php-ext-configure pgsql -with-pgsql=/usr/local/pgsql \ + && docker-php-ext-configure ldap --with-libdir=lib/x86_64-linux-gnu \ + && docker-php-ext-configure mysqli \ + && docker-php-ext-install xsl pdo pdo_mysql pdo_pgsql mysqli pgsql ldap \ + && docker-php-source delete \ + && apt-get purge -y \ + libldap2-dev \ + libmysqlclient-dev \ + libpq-dev \ + && apt-get clean -RUN yum -y install epel-release \ - && yum clean all +ARG COMANAGE_REGISTRY_VERSION +ENV COMANAGE_REGISTRY_VERSION ${COMANAGE_REGISTRY_VERSION:-develop} +LABEL comanage_registry_version=${COMANAGE_REGISTRY_VERSION} -RUN yum -y update \ - && yum -y install \ - autoconf \ - bison \ - gcc \ - httpd-devel \ - libargon2-devel \ - libcurl-devel \ - libedit-devel \ - libsodium-devel \ - libxml2-devel \ - libxslt-devel \ - make \ - mariadb-devel \ - openldap-devel \ - openssl-devel \ - postgresql-devel \ - re2c \ - wget \ - && yum clean all +ENV COMANAGE_REGISTRY_SRC_URL=https://github.com/Internet2/comanage-registry/archive/${COMANAGE_REGISTRY_VERSION}.tar.gz -WORKDIR /usr/local/src +ARG COMANAGE_REGISTRY_DIR +ENV COMANAGE_REGISTRY_DIR ${COMANAGE_REGISTRY_DIR:-/srv/comanage-registry} +LABEL comanage_registry_dir=${COMANAGE_REGISTRY_DIR} -RUN mkdir php-src \ - && wget -O php-src.tar.gz ${PHP_SRC_URL} \ - && tar zxf php-src.tar.gz -C php-src --strip-components=1 \ - && rm php-src.tar.gz +WORKDIR $COMANAGE_REGISTRY_DIR -ENV PHP_CFLAGS="-fstack-protector-strong -fpic -fpie -O2" -ENV PHP_CPPFLAGS="$PHP_CFLAGS" -ENV PHP_LDFLAGS="-Wl,-O1 -Wl,--hash-style=both -pie" +RUN mkdir -p ${COMANAGE_REGISTRY_DIR} \ + && wget -O comanage.tar.gz ${COMANAGE_REGISTRY_SRC_URL} \ + && tar -zxf comanage.tar.gz -C ${COMANAGE_REGISTRY_DIR} --strip-components=1 \ + && rm -f comanage.tar.gz \ + && rm -f ${COMANAGE_REGISTRY_DIR}/app/tmp \ + && cp -r ${COMANAGE_REGISTRY_DIR}/app/tmp.dist ${COMANAGE_REGISTRY_DIR}/app/tmp \ + && chown -R www-data:www-data ${COMANAGE_REGISTRY_DIR}/app/tmp \ + && cd /var/www/html \ + && ln -s ${COMANAGE_REGISTRY_DIR}/app/webroot registry \ + && rm -rf ${COMANAGE_REGISTRY_DIR}/local/* -RUN cd php-src \ - && ./buildconf --force \ - && ./configure \ - --disable-cgi \ - --enable-mbstring \ - --enable-mysqlnd \ - --with-apxs2=/usr/bin/apxs \ - --with-config-file-path=/usr/local/etc/php \ - --with-config-file-scan-dir=/usr/local/etc/php/conf.d \ - --with-curl \ - --with-ldap \ - --with-libdir=lib64 \ - --with-libedit \ - --with-mysqli \ - --with-openssl \ - --with-password-argon2 \ - --with-pdo-mysql \ - --with-pdo-pgsql \ - --with-pgsql \ - --with-sodium \ - --with-xsl \ - --with-zlib \ - && export CFLAGS="$PHP_CFLAGS" \ - && export CPPFLAGS="$PHP_CPPFLAGS" \ - && export LDFLAGS="$PHP_LDFLAGS" \ - && make -j "$(nproc)" \ - && make install +RUN a2enmod headers \ + && a2enmod ssl \ + && a2enmod rewrite \ + && a2dissite 000-default.conf \ + && a2disconf other-vhosts-access-log \ + && cd /etc/apache2 \ + && ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem cert.pem \ + && ln -s /etc/ssl/private/ssl-cert-snakeoil.key privkey.pem -RUN rm -rf php-src \ - && yum -y remove \ - autoconf \ - bison \ - gcc \ - httpd-devel \ - libargon2-devel \ - libcurl-devel \ - libedit-devel \ - libsodium-devel \ - libxml2-devel \ - libxslt-devel \ - make \ - mariadb-devel \ - openldap-devel \ - openssl-devel \ - postgresql-devel \ - re2c \ - wget \ - && yum clean all +COPY apache-include-directory-registry /etc/apache2/ +COPY apache-include-virtual-host-port443-base /etc/apache2/ +COPY apache-include-virtual-host-port80-redirect /etc/apache2/ + +COPY comanage_utils.sh /usr/local/lib/ +COPY comanage_shibboleth_sp_utils.sh /usr/local/lib/ +COPY docker-comanage-entrypoint /usr/local/bin/ + +VOLUME ${COMANAGE_REGISTRY_DIR}/local + +EXPOSE 80 443 + +# Allow values for first administrator bootstrapped into the +# platform to be specified at image build time, in addition to +# being injected at run time through the entrypoint script. +ARG COMANAGE_REGISTRY_ADMIN_GIVEN_NAME +ARG COMANAGE_REGISTRY_ADMIN_FAMILY_NAME +ARG COMANAGE_REGISTRY_ADMIN_USERNAME +ARG COMANAGE_REGISTRY_ENABLE_POOLING + +# Set simple defaults for first administrator bootstrapped into the +# platform to make simple evaluation of the platform easier. +ENV COMANAGE_REGISTRY_ADMIN_GIVEN_NAME ${COMANAGE_REGISTRY_ADMIN_GIVEN_NAME:-Registry} +ENV COMANAGE_REGISTRY_ADMIN_FAMILY_NAME ${COMANAGE_REGISTRY_ADMIN_FAMILY_NAME:-Admin} +ENV COMANAGE_REGISTRY_ADMIN_USERNAME ${COMANAGE_REGISTRY_ADMIN_USERNAME:-registry.admin} +ENV COMANAGE_REGISTRY_ENABLE_POOLING ${COMANAGE_REGISTRY_ENABLE_POOLING:-No} + +ENTRYPOINT ["docker-comanage-entrypoint"] + +CMD ["apache2-foreground"] diff --git a/README.md b/README.md index f468874..615a9bf 100644 --- a/README.md +++ b/README.md @@ -19,40 +19,44 @@ See the License for the specific language governing permissions and limitations under the License. --> -# COmanage Registry Internet2 TIER Base Image +# COmanage Registry Base Image -Intended to build a COmanage Registry for Internet2 TIER base image -using CentOS 7 as the operating system and building PHP from source. +Intended to build a COmanage Registry base image +using the official PHP with Apache image as the foundation. -By itself the image built from this Dockerfile does **not** provide -COmanage Registry. +By itself the image built from this Dockerfile does **not** provide any +method for authentication and is not suitable for deployment. The image built from this Dockerfile is used as the base -for the Internet2 TIER image that includes COmanage Registry -with the Shibboleth Native SP for Apache HTTP Server (Shibboleth) -as the authentication mechanism. +for images that include an authentication mechanism. +See other documentation in this +repository for examples on how to build images on this +one that include authentication methods like Basic Auth, +Shibboleth SP, and mod\_auth\_openidc. ## Build Arguments -No arguments are required for the build but the following argument -may be provided to override the default: +Building the image requires the following build argument: ``` ---build-arg PHP_VERSION= +--build-arg COMANAGE_REGISTRY_VERSION= ``` ## Building ``` docker build \ - -t comanage-registry-internet2-tier-base: . + --build-arg COMANAGE_REGISTRY_VERSION= \ + -t comanage-registry-base: . ``` ## Building Example ``` -export COMANAGE_REGISTRY_I2_BASE_IMAGE_VERSION=1 -TAG="${COMANAGE_REGISTRY_I2_BASE_IMAGE_VERSION}" +export COMANAGE_REGISTRY_VERSION=3.2.1 +export COMANAGE_REGISTRY_BASE_IMAGE_VERSION=1 +TAG="${COMANAGE_REGISTRY_VERSION}-${COMANAGE_REGISTRY_BASE_IMAGE_VERSION}" docker build \ - -t comanage-registry-internet2-tier-base:${TAG} . + --build-arg COMANAGE_REGISTRY_VERSION=${COMANAGE_REGISTRY_VERSION} \ + -t comanage-registry-base:${TAG} . ``` diff --git a/apache-include-directory-registry b/apache-include-directory-registry new file mode 100644 index 0000000..b76eee4 --- /dev/null +++ b/apache-include-directory-registry @@ -0,0 +1,6 @@ + +Options Indexes FollowSymLinks +DirectoryIndex index.php +AllowOverride All +Require all granted + diff --git a/apache-include-virtual-host-port443-base b/apache-include-virtual-host-port443-base new file mode 100644 index 0000000..999d08f --- /dev/null +++ b/apache-include-virtual-host-port443-base @@ -0,0 +1,14 @@ +ServerName https://${COMANAGE_REGISTRY_VIRTUAL_HOST_FQDN}:443 + +DocumentRoot /var/www/html + +RedirectMatch ^/$ /registry/ + +LogLevel warn + +Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains" + +SSLEngine on +SSLProtocol all -SSLv2 -SSLv3 +SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH +SSLHonorCipherOrder on diff --git a/apache-include-virtual-host-port80-redirect b/apache-include-virtual-host-port80-redirect new file mode 100644 index 0000000..0e61457 --- /dev/null +++ b/apache-include-virtual-host-port80-redirect @@ -0,0 +1,6 @@ + +ServerName http://${COMANAGE_REGISTRY_VIRTUAL_HOST_FQDN}:80 +RewriteEngine On +RewriteCond %{HTTPS} off +RewriteRule ^ https://%{HTTP_HOST}:443%{REQUEST_URI} [R=302,L,QSA] + diff --git a/comanage_shibboleth_sp_utils.sh b/comanage_shibboleth_sp_utils.sh new file mode 100755 index 0000000..dd9cacf --- /dev/null +++ b/comanage_shibboleth_sp_utils.sh @@ -0,0 +1,317 @@ +#!/bin/bash + +# COmanage Registry Shibboleth SP Dockerfile entrypoint +# +# Portions licensed to the University Corporation for Advanced Internet +# Development, Inc. ("UCAID") under one or more contributor license agreements. +# See the NOTICE file distributed with this work for additional information +# regarding copyright ownership. +# +# UCAID licenses this file to you under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with the +# License. You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +if [ -n "$COMANAGE_DEBUG" ] +then + OUTPUT=/dev/stdout +else + OUTPUT=/dev/null +fi + +########################################## +# Consume injected environment variables +# Globals: +# See function +# Arguments: +# None +# Returns: +# None +########################################## +function comanage_shibboleth_sp_utils::consume_injected_environment() { + + echo "Examining environment variables for Shibboleth SP..." > "$OUTPUT" + + # Configuration details that may be injected through environment + # variables or the contents of files. + # + # SHIBBOLETH_SP_METADATA_PROVIDER_XML may also be injected in the + # same way but because of the presence of special characters in the + # XML it is handled differently. + + injectable_config_vars=( + SHIBBOLETH_SP_ENTITY_ID + SHIBBOLETH_SP_CERT + SHIBBOLETH_SP_PRIVKEY + SHIBBOLETH_SP_SIGNING_CERT + SHIBBOLETH_SP_SIGNING_PRIVKEY + SHIBBOLETH_SP_ENCRYPT_CERT + SHIBBOLETH_SP_ENCRYPT_PRIVKEY + SHIBBOLETH_SP_SAMLDS_URL + ) + + # If the file associated with a configuration variable is present then + # read the value from it into the appropriate variable. So for example + # if the variable COMANAGE_REGISTRY_DATASOURCE_FILE exists and its + # value points to a file on the file system then read the contents + # of that file into the variable COMANAGE_REGISTRY_DATASOURCE. + + for config_var in "${injectable_config_vars[@]}" + do + eval file_name=\$"${config_var}_FILE"; + + if [ -e "$file_name" ]; then + payload=`cat $file_name` + declare "${config_var}"="${payload}" + fi + done + + echo "Done examining environment variables" > "$OUTPUT" +} + +########################################## +# Prepare shibboleth2.xml configuration file +# Globals: +# OUTPUT +# SHIBBOLETH_SP_ENTITY_ID +# SHIBBOLETH_SP_SAMLDS_URL +# SHIBBOLETH_SP_METADATA_PROVIDER_XML_FILE +# Arguments: +# None +# Returns: +# None +########################################## +function comanage_shibboleth_sp_utils::prepare_shibboleth2xml() { + + local shib_file + local xml_content_file + local sed_script_file + + # If no shibboleth2.xml file is present then create one using + # injected information or defaults that are not particularly + # useful in a federated context but will allow shibd to start. + shib_file='/etc/shibboleth/shibboleth2.xml' + + if [[ ! -e "${shib_file}" ]]; then + cp "${shib_file}.template" "${shib_file}" > "${OUTPUT}" 2>&1 + sed -i -e s@%%SHIBBOLETH_SP_ENTITY_ID%%@"${SHIBBOLETH_SP_ENTITY_ID:-https://comanage.registry/shibboleth}"@ "${shib_file}" > "${OUTPUT}" 2>&1 + sed -i -e s@%%SHIBBOLETH_SP_SAMLDS_URL%%@"${SHIBBOLETH_SP_SAMLDS_URL:-https://localhost/registry/pages/eds/index}"@ "${shib_file}" > "${OUTPUT}" 2>&1 + + # The metadata provider injected input most likely contains special characters + # so use a sed script instead of simple substitution on the command line. + + if [[ -n "${SHIBBOLETH_SP_METADATA_PROVIDER_XML_FILE}" ]]; then + xml_content_file="${SHIBBOLETH_SP_METADATA_PROVIDER_XML_FILE}" + else + xml_content_file=`/bin/mktemp` + echo "${SHIBBOLETH_SP_METADATA_PROVIDER_XML:-}" > "${xml_content_file}" + fi + + sed_script_file=`/bin/mktemp` + cat > ${sed_script_file}< "${OUTPUT}" 2>&1 + + chmod 0644 "${shib_file}" > "${OUTPUT}" 2>&1 + + rm -f "${xml_content_file}" > "${OUTPUT}" 2>&1 + rm -f "${sed_script_file}" > "${OUTPUT}" 2>&1 + + fi +} + +########################################## +# Prepare SAML certs and keys +# Globals: +# SHIBBOLETH_SP_CERT +# SHIBBOLETH_SP_PRIVKEY +# SHIBBOLETH_SP_SIGNING_CERT +# SHIBBOLETH_SP_SIGNING_PRIVKEY +# SHIBBOLETH_SP_ENCRYPT_CERT +# SHIBBOLETH_SP_ENCRYPT_PRIVKEY +# Arguments: +# None +# Returns: +# None +########################################## +function comanage_shibboleth_sp_utils::prepare_saml_cert_key() { + + local saml_file + local owner + + if [[ -e '/etc/debian_version' ]]; then + owner='_shibd' + elif [[ -e '/etc/centos-release' ]]; then + owner='shibd' + fi + + # If defined use configured location of Shibboleth SP SAML certificate and key. + saml_file='/etc/shibboleth/sp-cert.pem' + if [[ -n "${SHIBBOLETH_SP_CERT}" ]]; then + cp "${SHIBBOLETH_SP_CERT}" "${saml_file}" + chown "${owner}" "${saml_file}" + chmod 0644 "${saml_file}" + fi + + saml_file='/etc/shibboleth/sp-key.pem' + if [[ -n "${SHIBBOLETH_SP_PRIVKEY}" ]]; then + cp "${SHIBBOLETH_SP_PRIVKEY}" "${saml_file}" + chown "${owner}" "${saml_file}" + chmod 0600 "${saml_file}" + fi + + saml_file='/etc/shibboleth/sp-signing-cert.pem' + if [[ -n "${SHIBBOLETH_SP_SIGNING_CERT}" ]]; then + cp "${SHIBBOLETH_SP_SIGNING_CERT}" "${saml_file}" + chown "${owner}" "${saml_file}" + chmod 0644 "${saml_file}" + fi + + saml_file='/etc/shibboleth/sp-signing-key.pem' + if [[ -n "${SHIBBOLETH_SP_SIGNING_PRIVKEY}" ]]; then + cp "${SHIBBOLETH_SP_SIGNING_PRIVKEY}" "${saml_file}" + chown "${owner}" "${saml_file}" + chmod 0600 "${saml_file}" + fi + + saml_file='/etc/shibboleth/sp-encrypt-cert.pem' + if [[ -n "${SHIBBOLETH_SP_ENCRYPT_CERT}" ]]; then + cp "${SHIBBOLETH_SP_ENCRYPT_CERT}" "${saml_file}" + chown "${owner}" "${saml_file}" + chmod 0644 "${saml_file}" + fi + + saml_file='/etc/shibboleth/sp-encrypt-key.pem' + if [[ -n "${SHIBBOLETH_SP_ENCRYPT_PRIVKEY}" ]]; then + cp "${SHIBBOLETH_SP_ENCRYPT_PRIVKEY}" "${saml_file}" + chown "${owner}" "${saml_file}" + chmod 0600 "${saml_file}" + fi +} + +########################################## +# Manage UID and GID on files +# Globals: +# None +# Arguments: +# None +# Returns: +# None +########################################## +function comanage_shibboleth_sp_utils::manage_uid_gid() { + + local owner + local ownership + local not_readable + + # A deployer may make their own mapping between the shibd username + # and the UID, and between the shibd group and GID, so before starting + # make sure files have the correct ownership and group. + + not_readable='/tmp/shibd-not-readable' + + if [[ -e '/etc/debian_version' ]]; then + owner='_shibd' + ownership="${owner}:${owner}" + + chown "${ownership}" /etc/shibboleth/sp-cert.pem > /dev/null 2>&1 + chown "${ownership}" /etc/shibboleth/sp-key.pem > /dev/null 2>&1 + + chown "${ownership}" /etc/shibboleth/sp-signing-cert.pem > /dev/null 2>&1 + chown "${ownership}" /etc/shibboleth/sp-signing-key.pem > /dev/null 2>&1 + + chown "${ownership}" /etc/shibboleth/sp-encrypt-cert.pem > /dev/null 2>&1 + chown "${ownership}" /etc/shibboleth/sp-encrypt-key.pem > /dev/null 2>&1 + + chown "${ownership}" /opt/shibboleth-sp/var > /dev/null 2>&1 + chown "${ownership}" /opt/shibboleth-sp/var > /dev/null 2>&1 + chown "${ownership}" /opt/shibboleth-sp/var/run > /dev/null 2>&1 + chown "${ownership}" /opt/shibboleth-sp/var/run/shibboleth > /dev/null 2>&1 + chown "${ownership}" /opt/shibboleth-sp/var/run/shibboleth/shibd.sock > /dev/null 2>&1 + chown "${ownership}" /opt/shibboleth-sp/var/log > /dev/null 2>&1 + chown "${ownership}" /opt/shibboleth-sp/var/log/shibboleth > /dev/null 2>&1 + chown "${ownership}" /opt/shibboleth-sp/var/log/shibboleth/transaction.log > /dev/null 2>&1 + chown "${ownership}" /opt/shibboleth-sp/var/log/shibboleth/signature.log > /dev/null 2>&1 + chown "${ownership}" /opt/shibboleth-sp/var/log/shibboleth/shibd_warn.log > /dev/null 2>&1 + chown "${ownership}" /opt/shibboleth-sp/var/log/shibboleth/shibd.log > /dev/null 2>&1 + chown "${ownership}" /opt/shibboleth-sp/var/log/shibboleth-www > /dev/null 2>&1 + chown "${ownership}" /opt/shibboleth-sp/var/cache > /dev/null 2>&1 + chown "${ownership}" /opt/shibboleth-sp/var/cache/shibboleth > /dev/null 2>&1 + elif [[ -e '/etc/centos-release' ]]; then + owner='shibd' + ownership="${owner}:${owner}" + + chown "${ownership}" /etc/shibboleth/sp-cert.pem > /dev/null 2>&1 + chown "${ownership}" /etc/shibboleth/sp-key.pem > /dev/null 2>&1 + + chown "${ownership}" /etc/shibboleth/sp-signing-cert.pem > /dev/null 2>&1 + chown "${ownership}" /etc/shibboleth/sp-signing-key.pem > /dev/null 2>&1 + + chown "${ownership}" /etc/shibboleth/sp-encrypt-cert.pem > /dev/null 2>&1 + chown "${ownership}" /etc/shibboleth/sp-encrypt-key.pem > /dev/null 2>&1 + fi + + # Warn about any files the shibd user cannot read. + sudo -u "${owner}" find /etc/shibboleth ! -readable > "${not_readable}" 2>/dev/null + if [[ -s "${not_readable}" ]]; then + echo "WARNING: the following files are not readable by ${owner}" + cat "${not_readable}" + echo "" + fi + + rm -f "${not_readable}" > /dev/null 2>&1 +} + +########################################## +# Exec to start and become Shibboleth SP shibd +# Globals: +# None +# Arguments: +# Command and arguments to exec +# Returns: +# Does not return +########################################## +function comanage_shibboleth_sp_utils::exec_shibboleth_sp_daemon() { + + local user + local group + local shibd_daemon + local config + local pidfile + + comanage_shibboleth_sp_utils::consume_injected_environment + + comanage_shibboleth_sp_utils::prepare_shibboleth2xml + + comanage_shibboleth_sp_utils::prepare_saml_cert_key + + comanage_shibboleth_sp_utils::manage_uid_gid + + config='/etc/shibboleth/shibboleth2.xml' + pidfile='/var/run/shibboleth/shibd.pid' + + if [[ -e '/etc/debian_version' ]]; then + user='_shibd' + group='_shibd' + shibd_daemon='/opt/shibboleth-sp/sbin/shibd' + elif [[ -e '/etc/centos-release' ]]; then + user='shibd' + group='shibd' + shibd_daemon='/usr/sbin/shibd' + export LD_LIBRARY_PATH=/opt/shibboleth/lib64 + fi + + exec "${shibd_daemon}" -f -u "${user}" -g "${group}" -c "${config}" -p "${pidfile}" -F +} diff --git a/comanage_utils.sh b/comanage_utils.sh new file mode 100644 index 0000000..a7d48f1 --- /dev/null +++ b/comanage_utils.sh @@ -0,0 +1,703 @@ +#!/bin/bash + +# COmanage Registry bash shell utilities +# +# Portions licensed to the University Corporation for Advanced Internet +# Development, Inc. ("UCAID") under one or more contributor license agreements. +# See the NOTICE file distributed with this work for additional information +# regarding copyright ownership. +# +# UCAID licenses this file to you under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with the +# License. You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +if [ -n "$COMANAGE_DEBUG" ] +then + OUTPUT=/dev/stdout +else + OUTPUT=/dev/null +fi + +########################################## +# Configure console (stdout) logging +# Globals: +# COMANAGE_REGISTRY_DIR +# OUTPUT +# Arguments: +# None +# Returns: +# None +########################################## +function comanage_utils::configure_console_logging() { + sed -ie 's/'"'"'engine'"'"' => '"'"'FileLog'"'"'/'"'"'engine'"'"' => '"'"'ConsoleLog'"'"'/' "$COMANAGE_REGISTRY_DIR/app/Config/bootstrap.php" +} + +########################################## +# Configure TIER logging +# Globals: +# ENV +# USERTOKEN +# OUTPUT +# Arguments: +# NONE +# Returns: +# None +########################################## +function comanage_utils::configure_tier_logging() { + + comanage_utils::manage_tier_environment + + # Create pipes to use for COmanage Registry instead of standard log files. + rm -f "$COMANAGE_REGISTRY_DIR/app/tmp/logs/error.log" > "$OUTPUT" 2>&1 + rm -f "$COMANAGE_REGISTRY_DIR/app/tmp/logs/debug.log" > "$OUTPUT" 2>&1 + mkfifo -m 666 "$COMANAGE_REGISTRY_DIR/app/tmp/logs/error.log" > "$OUTPUT" 2>&1 + mkfifo -m 666 "$COMANAGE_REGISTRY_DIR/app/tmp/logs/debug.log" > "$OUTPUT" 2>&1 + + # Format any output from COmanange Registry into standard TIER form. + (cat <> "$COMANAGE_REGISTRY_DIR/app/tmp/logs/error.log" | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "comanage_registry;error.log;%s;%s;%s\n", ENV, UT, $0; fflush()}' 1>/tmp/logpipe)& + (cat <> "$COMANAGE_REGISTRY_DIR/app/tmp/logs/debug.log" | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "comanage_registry;debug.log;%s;%s;%s\n", ENV, UT, $0; fflush()}' 1>/tmp/logpipe)& +} + +########################################## +# Consume injected environment variables +# Globals: +# See function +# Arguments: +# None +# Returns: +# None +########################################## +function comanage_utils::consume_injected_environment() { + + echo "Examining environment variables..." > "$OUTPUT" + + # Configuration details that may be injected through environment + # variables or the contents of files. + local injectable_config_vars + + injectable_config_vars=( + COMANAGE_REGISTRY_ADMIN_GIVEN_NAME + COMANAGE_REGISTRY_ADMIN_FAMILY_NAME + COMANAGE_REGISTRY_ADMIN_USERNAME + COMANAGE_REGISTRY_DATASOURCE + COMANAGE_REGISTRY_DATABASE + COMANAGE_REGISTRY_DATABASE_HOST + COMANAGE_REGISTRY_DATABASE_USER + COMANAGE_REGISTRY_DATABASE_USER_PASSWORD + COMANAGE_REGISTRY_EMAIL_FROM + COMANAGE_REGISTRY_EMAIL_TRANSPORT + COMANAGE_REGISTRY_EMAIL_HOST + COMANAGE_REGISTRY_EMAIL_PORT + COMANAGE_REGISTRY_EMAIL_ACCOUNT + COMANAGE_REGISTRY_EMAIL_ACCOUNT_PASSWORD + COMANAGE_REGISTRY_SECURITY_SALT + COMANAGE_REGISTRY_SECURITY_SEED + COMANAGE_REGISTRY_VIRTUAL_HOST_FQDN + HTTPS_CERT_FILE + HTTPS_PRIVKEY_FILE + SERVER_NAME + ) + + # If the file associated with a configuration variable is present then + # read the value from it into the appropriate variable. So for example + # if the variable COMANAGE_REGISTRY_DATASOURCE_FILE exists and its + # value points to a file on the file system then read the contents + # of that file into the variable COMANAGE_REGISTRY_DATASOURCE. + + local config_var + for config_var in "${injectable_config_vars[@]}" + do + local file_name + eval file_name=\$"${config_var}_FILE"; + + if [[ -e "$file_name" ]]; then + declare -g "${config_var}"=`cat $file_name` + echo "Set ${config_var} to be contents of ${file_name}" > "$OUTPUT" + fi + done + + echo "Done examining environment variables" > "$OUTPUT" +} + +########################################## +# Enable non-core plugins +# Globals: +# COMANAGE_REGISTRY_DIR +# COMANAGE_REGISTRY_ENABLE_PLUGIN +# OUTPUT +# Arguments: +# None +# Returns: +# None +########################################## +function comanage_utils::enable_plugins() { + + # Enable any supported non-core plugins if requested. + if [[ -n "$COMANAGE_REGISTRY_ENABLE_PLUGIN" ]]; then + local plugins + local plugin + plugins=(`echo "$COMANAGE_REGISTRY_ENABLE_PLUGIN" | sed -e 's@,@ @g'`) > "$OUTPUT" 2>&1 + for plugin in "${plugins[@]}"; + do + echo "Enabling available plugin $plugin..." > "$OUTPUT" 2>&1 + pushd "$COMANAGE_REGISTRY_DIR/local/Plugin" > "$OUTPUT" 2>&1 + ln -s "../../app/AvailablePlugin/$plugin" "$plugin" > "$OUTPUT" 2>&1 + popd > "$OUTPUT" 2>&1 + pushd "$COMANAGE_REGISTRY_DIR/app" > "$OUTPUT" 2>&1 + ./Console/cake database > "$OUTPUT" 2>&1 + popd > "$OUTPUT" 2>&1 + done + + # Clear the caches. + comanage_utils::registry_clear_cache + fi +} + +########################################## +# Exec to start and become Apache HTTP Server +# Globals: +# None +# Arguments: +# Command and arguments to exec +# Returns: +# Does not return +########################################## +function comanage_utils::exec_apache_http_server() { + + comanage_utils::consume_injected_environment + + comanage_utils::configure_console_logging + + comanage_utils::prepare_local_directory + + comanage_utils::prepare_database_config + + comanage_utils::prepare_email_config + + comanage_utils::prepare_https_cert_key + + comanage_utils::prepare_server_name + + comanage_utils::wait_database_connectivity + + comanage_utils::registry_setup + + comanage_utils::registry_upgrade + + comanage_utils::enable_plugins + + comanage_utils::registry_clear_cache + + comanage_utils::tmp_ownership + + # first arg is `-f` or `--some-option` + if [ "${1#-}" != "$1" ]; then + set -- apache2-foreground "$@" + fi + + exec "$@" +} + +########################################## +# Manage TIER environment variables +# Globals: +# None +# Arguments: +# None +# Returns: +# None +########################################## +function comanage_utils::manage_tier_environment() { + + # If ENV or USERTOKEN as injected by the deployer contain a semi-colon remove it. + if [[ ${ENV} =~ .*";".* ]]; then + ENV=`echo ${ENV} | tr -d ';'` + export ENV + fi + + if [[ ${USERTOKEN} =~ .*";".* ]]; then + USERTOKEN=`echo ${USERTOKEN} | tr -d ';'` + export USERTOKEN + fi + + # If ENV or USERTOKEN as injected by the deployer contain a space remove it. + if [[ ${ENV} =~ [[:space:]] ]]; then + ENV=`echo ${ENV} | tr -d [:space:]` + export ENV + fi + + if [[ ${USERTOKEN} =~ [[:space:]] ]]; then + USERTOKEN=`echo ${USERTOKEN} | tr -d [:space:]` + export USERTOKEN + fi +} + +########################################## +# Prepare database configuration +# Globals: +# COMANAGE_REGISTRY_DATABASE +# COMANAGE_REGISTRY_DATABASE_HOST +# COMANAGE_REGISTRY_DATABASE_USER +# COMANAGE_REGISTRY_DATABASE_USER_PASSWORD +# COMANAGE_REGISTRY_DATASOURCE +# COMANAGE_REGISTRY_DIR +# OUTPUT +# Arguments: +# None +# Returns: +# None +########################################## +function comanage_utils::prepare_database_config() { + + # If the COmanage Registry database configuration file does not exist + # then try to create it from injected information with reasonable defaults + # that aid simple evaluation deployments. + local database_config + database_config="$COMANAGE_REGISTRY_DIR/local/Config/database.php" + + if [[ ! -e "$database_config" ]]; then + cat > "$database_config" < '${COMANAGE_REGISTRY_DATASOURCE:-Database/Postgres}', + 'persistent' => false, + 'host' => '${COMANAGE_REGISTRY_DATABASE_HOST:-comanage-registry-database}', + 'login' => '${COMANAGE_REGISTRY_DATABASE_USER:-registry_user}', + 'password' => '${COMANAGE_REGISTRY_DATABASE_USER_PASSWORD:-password}', + 'database' => '${COMANAGE_REGISTRY_DATABASE:-registry}', + 'prefix' => 'cm_', + ); + +} +EOF + echo "Wrote new database configuration file ${database_config}" > "$OUTPUT" + fi +} + +########################################## +# Prepare email configuration +# Globals: +# COMANAGE_REGISTRY_EMAIL_ACCOUNT +# COMANAGE_REGISTRY_EMAIL_ACCOUNT_PASSWORD +# COMANAGE_REGISTRY_EMAIL_FROM +# COMANAGE_REGISTRY_EMAIL_HOST +# COMANAGE_REGISTRY_EMAIL_PORT +# COMANAGE_REGISTRY_EMAIL_TRANSPORT +# COMANAGE_REGISTRY_DIR +# Arguments: +# None +# Returns: +# None +########################################## +function comanage_utils::prepare_email_config() { + + # If the COmanage Registry email configuration file does not exist + # then try to create it from injected information with reasonable defaults + # that aid simple evaluation deployments. + local email_config + email_config="$COMANAGE_REGISTRY_DIR/local/Config/email.php" + + if [ ! -e "$email_config" ]; then + cat > "$email_config" < ${COMANAGE_REGISTRY_EMAIL_FROM:-array('account@gmail.com' => 'Registry')}, + 'transport' => '${COMANAGE_REGISTRY_EMAIL_TRANSPORT:-Smtp}', + 'host' => '${COMANAGE_REGISTRY_EMAIL_HOST:-tls://smtp.gmail.com}', + 'port' => ${COMANAGE_REGISTRY_EMAIL_PORT:-465}, + 'username' => '${COMANAGE_REGISTRY_EMAIL_ACCOUNT:-account@gmail.com}', + 'password' => '${COMANAGE_REGISTRY_EMAIL_ACCOUNT_PASSWORD:-password}' + ); +} +EOF + echo "Wrote new email configuration file ${email_config}" > "$OUTPUT" + fi +} + +########################################## +# Prepare cert and key for HTTPS +# Globals: +# HTTPS_CERT_FILE +# HTTPS_PRIVKEY_FILE +# Arguments: +# None +# Returns: +# None +########################################## +function comanage_utils::prepare_https_cert_key() { + + local cert_path + local privkey_path + local web_user + + if [[ -e '/etc/debian_version' ]]; then + cert_path='/etc/apache2/cert.pem' + privkey_path='/etc/apache2/privkey.pem' + web_user='www-data' + elif [[ -e '/etc/centos-release' ]]; then + cert_path='/etc/httpd/cert.pem' + privkey_path='/etc/httpd/privkey.pem' + web_user='apache' + fi + + # If defined use configured location of Apache HTTP Server + # HTTPS certificate and key files. The certificate file may also + # include intermediate CA certificates, sorted from leaf to root. + if [[ -n "${HTTPS_CERT_FILE}" ]]; then + rm -f "${cert_path}" + cp "${HTTPS_CERT_FILE}" "${cert_path}" + chown "${web_user}" "${cert_path}" + chmod 0644 "${cert_path}" + echo "Copied HTTPS certificate file ${HTTPS_CERT_FILE} to ${cert_path}" > "$OUTPUT" + echo "Set ownership of ${cert_path} to ${web_user}" > "$OUTPUT" + fi + + if [[ -n "${HTTPS_PRIVKEY_FILE}" ]]; then + rm -f "${privkey_path}" + cp "${HTTPS_PRIVKEY_FILE}" "${privkey_path}" + chown "${web_user}" "${privkey_path}" + chmod 0600 "${privkey_path}" + echo "Copied HTTPS private key file ${HTTPS_PRIVKEY_FILE} to ${privkey_path}" > "$OUTPUT" + echo "Set ownership of ${privkey_path} to ${web_user}" > "$OUTPUT" + fi +} + +########################################## +# Prepare local directory structure +# Globals: +# COMANAGE_REGISTRY_DIR +# Arguments: +# None +# Returns: +# None +########################################## +function comanage_utils::prepare_local_directory() { + + # Make sure the directory structure we need is available + # in the data volume for $COMANAGE_REGISTRY_DIR/local + local directories + + declare -a directories=("Config" + "Plugin" + "View/Pages/public" + "webroot/img" + ) + + local dir + local full_path + for dir in "${directories[@]}" + do + full_path="${COMANAGE_REGISTRY_DIR}/local/${dir}" + if [[ ! -d "${full_path}" ]]; then + mkdir -p "${full_path}" > "$OUTPUT" 2>&1 + echo "Created directory ${full_path}" + fi + done +} + +########################################## +# Prepare web server name +# Globals: +# SERVER_NAME +# COMANAGE_REGISTRY_VIRTUAL_HOST_FQDN +# Arguments: +# None +# Returns: +# None +########################################## +function comanage_utils::prepare_server_name() { + + # SERVER_NAME is deprecated in favor of COMANAGE_REGISTRY_VIRTUAL_HOST_FQDN + # and will not be supported in a future version. + if [[ -n "$SERVER_NAME" ]]; then + echo "SERVER_NAME is deprecated and will not be supported in a future version" + echo "Use COMANAGE_REGISTRY_VIRTUAL_HOST_FQDN instead of SERVER_NAME" + if [[ -z "$COMANAGE_REGISTRY_VIRTUAL_HOST_FQDN" ]]; then + COMANAGE_REGISTRY_VIRTUAL_HOST_FQDN="${SERVER_NAME}" + echo "SERVER_NAME=${SERVER_NAME} has been injected" > "$OUTPUT" + echo "Setting COMANAGE_REGISTRY_VIRTUAL_HOST_FQDN=${COMANAGE_REGISTRY_VIRTUAL_HOST_FQDN}" + fi + fi + + # If COMANAGE_REGISTRY_VIRTUAL_HOST_FQDN has not been injected try to determine + # it from the HTTPS_CERT_FILE. + if [[ -z "$COMANAGE_REGISTRY_VIRTUAL_HOST_FQDN" ]]; then + COMANAGE_REGISTRY_VIRTUAL_HOST_FQDN=$(openssl x509 -in /etc/apache2/cert.pem -text -noout | + sed -n '/X509v3 Subject Alternative Name:/ {n;p}' | + sed -E 's/.*DNS:(.*)\s*$/\1/') + if [[ -n "$COMANAGE_REGISTRY_VIRTUAL_HOST_FQDN" ]]; then + echo "Set COMANAGE_REGISTRY_VIRTUAL_HOST_FQDN=${COMANAGE_REGISTRY_VIRTUAL_HOST_FQDN} using Subject Alternative Name from x509 certificate" > "$OUTPUT" + else + COMANAGE_REGISTRY_VIRTUAL_HOST_FQDN=$(openssl x509 -in /etc/apache2/cert.pem -subject -noout | + sed -E 's/subject=.*CN=(.*)\s*/\1/') + if [[ -n "$COMANAGE_REGISTRY_VIRTUAL_HOST_FQDN" ]]; then + echo "Set COMANAGE_REGISTRY_VIRTUAL_HOST_FQDN=${COMANAGE_REGISTRY_VIRTUAL_HOST_FQDN} using CN from x509 certificate" > "$OUTPUT" + fi + fi + fi + + # Configure Apache HTTP Server with the server name. + # This configures the server name for the default Debian + # Apache HTTP Server configuration but not the server name used + # by any virtual hosts. + if [[ -e '/etc/debian_version' ]]; then + cat > /etc/apache2/conf-available/server-name.conf < "$OUTPUT" 2>&1 + fi + + # Export the server name so that it may be used by + # Apache HTTP Server virtual host configurations. + export COMANAGE_REGISTRY_VIRTUAL_HOST_FQDN +} + +########################################## +# Clear CakePHP cache files +# Globals: +# None +# Arguments: +# None +# Returns: +# None +########################################## +function comanage_utils::registry_clear_cache() { + + local cache_dir + cache_dir="$COMANAGE_REGISTRY_DIR/app/tmp/cache" + + if [[ -d $cache_dir ]]; then + find $cache_dir -type f -exec rm -f {} \; + echo "Cleared COmanage Registry CakePHP cache files in ${cache_dir}" > "$OUTPUT" + fi + +} + +########################################## +# Run COmanage Registry setup shell command +# Globals: +# COMANAGE_REGISTRY_ADMIN_GIVEN_NAME +# COMANAGE_REGISTRY_ADMIN_FAMILY_NAME +# COMANAGE_REGISTRY_ADMIN_USERNAME +# COMANAGE_REGISTRY_DIR +# COMANAGE_REGISTRY_ENABLE_POOLING +# COMANAGE_REGISTRY_SECURITY_SALT +# COMANAGE_REGISTRY_SECURITY_SEED +# OUTPUT +# Arguments: +# None +# Returns: +# None +########################################## +function comanage_utils::registry_setup() { + + # We only want to run the setup script once since it creates + # state in the database. Until COmanage Registry has a better + # mechanism for telling us if setup has already been run + # we create an ephemeral CakePHP script to tell us. + local setup_already_script + setup_already_script="$COMANAGE_REGISTRY_DIR/app/Console/Command/SetupAlreadyShell.php" + + cat > $setup_already_script <<"EOF" +Co->find('first', $args); + } catch (CakeException $e) { + $this->out('Not setup already'); + } + + if(empty($co)) { + $this->out('Not setup already'); + } else { + $this->error('Setup already'); + } + } +} +EOF + + local setup_already + pushd "$COMANAGE_REGISTRY_DIR/app" > "$OUTPUT" 2>&1 + echo "Testing if COmanage Registry setup has been done previously..." > "$OUTPUT" + ./Console/cake setupAlready > "$OUTPUT" 2>&1 + setup_already=$? + + rm -f "$setup_already_script" + + local auto_generated_security + + if [ $setup_already -eq 0 ]; then + echo "COmanage Registry setup has not been done previously" > "$OUTPUT" + rm -f "$COMANAGE_REGISTRY_DIR/local/Config/security.salt" > "$OUTPUT" 2>&1 + rm -f "$COMANAGE_REGISTRY_DIR/local/Config/security.seed" > "$OUTPUT" 2>&1 + echo "Running ./Console/cake database..." > "$OUTPUT" + ./Console/cake database > "$OUTPUT" 2>&1 + echo "Running ./Console/cake setup..." > "$OUTPUT" + ./Console/cake setup --admin-given-name "${COMANAGE_REGISTRY_ADMIN_GIVEN_NAME}" \ + --admin-family-name "${COMANAGE_REGISTRY_ADMIN_FAMILY_NAME}" \ + --admin-username "${COMANAGE_REGISTRY_ADMIN_USERNAME}" \ + --enable-pooling "${COMANAGE_REGISTRY_ENABLE_POOLING}" > "$OUTPUT" 2>&1 + echo "Set admin given name ${COMANAGE_REGISTRY_ADMIN_GIVEN_NAME}" > "$OUTPUT" + echo "Set admin family name ${COMANAGE_REGISTRY_ADMIN_FAMILY_NAME}" > "$OUTPUT" + echo "Set admin username ${COMANAGE_REGISTRY_ADMIN_USERNAME}" > "$OUTPUT" + echo "Set enable pooling to ${COMANAGE_REGISTRY_ENABLE_POOLING}" > "$OUTPUT" + auto_generated_security=1 + fi + + popd > "$OUTPUT" 2>&1 + + # If COmanage Registry CakePHP security salt and seed have been + # injected and the files do not otherwise exist create them. + if [[ -n "$COMANAGE_REGISTRY_SECURITY_SALT" && ( -n "$auto_generated_security" || ! -e "$COMANAGE_REGISTRY_DIR/local/Config/security.salt" ) ]]; then + echo "$COMANAGE_REGISTRY_SECURITY_SALT" > "$COMANAGE_REGISTRY_DIR/local/Config/security.salt" + fi + + if [[ -n "$COMANAGE_REGISTRY_SECURITY_SEED" && ( -n "$auto_generated_security" || ! -e "$COMANAGE_REGISTRY_DIR/local/Config/security.seed" ) ]]; then + echo "$COMANAGE_REGISTRY_SECURITY_SEED" > "$COMANAGE_REGISTRY_DIR/local/Config/security.seed" + fi +} + +########################################## +# Run COmanage Registry upgradeVersion shell command +# Globals: +# COMANAGE_REGISTRY_DATABASE_SCHEMA_FORCE +# COMANAGE_REGISTRY_DIR +# OUTPUT +# Arguments: +# None +# Returns: +# None +########################################## +function comanage_utils::registry_upgrade() { + + # We always run upgradeVersion since it will not make any changes + # if the current and target versions are the same or if + # an upgrade from the current to the target version is not allowed. + + # First clear the caches. + comanage_utils::registry_clear_cache + + pushd "$COMANAGE_REGISTRY_DIR/app" > "$OUTPUT" 2>&1 + echo "Running ./Console/cake upgradeVersion..." > "$OUTPUT" + ./Console/cake upgradeVersion > "$OUTPUT" 2>&1 + echo "Done running ./Console/cake upgradeVersion" > "$OUTPUT" + echo "You may ignore errors reported above if the Current and Target versions are the same" > "$OUTPUT" + popd > "$OUTPUT" 2>&1 + + # Force a datbase update if requested. This is helpful when deploying + # a new version of the code that does not result in a change in the + # version number and so upgradeVersion does not fire. An example + # of this scenario is when new code is introduced in the develop + # branch but before a release happens. + if [ -n "$COMANAGE_REGISTRY_DATABASE_SCHEMA_FORCE" ]; then + echo "Forcing a database schema update..." > "$OUTPUT" + pushd "$COMANAGE_REGISTRY_DIR/app" > "$OUTPUT" 2>&1 + ./Console/cake database > "$OUTPUT" 2>&1 + echo "Done forcing database schema update" > "$OUTPUT" + popd > "$OUTPUT" 2>&1 + fi + + # Clear the caches again. + comanage_utils::registry_clear_cache +} + +########################################## +# Set tmp directory file ownership +# Globals: +# COMANAGE_REGISTRY_DIR +# Arguments: +# None +# Returns: +# None +########################################## +function comanage_utils::tmp_ownership() { + + # Ensure that the web server user owns the tmp directory + # and all children. + local tmp_dir + local ownership + + if [[ -e '/etc/debian_version' ]]; then + ownership='www-data:www-data' + elif [[ -e '/etc/centos-release' ]]; then + ownership='apache:apache' + fi + + tmp_dir="${COMANAGE_REGISTRY_DIR}/app/tmp" + + chown -R "${ownership}" "${tmp_dir}" + + echo "Recursively set ownership of ${tmp_dir} to ${ownership}" > "$OUTPUT" + +} + +########################################## +# Wait until able to connect to database +# Globals: +# COMANAGE_REGISTRY_DIR +# OUTPUT +# Arguments: +# None +# Returns: +# None +########################################## +function comanage_utils::wait_database_connectivity() { + + # Create a CakePHP shell to test database connectivity. + local database_test_script + database_test_script="$COMANAGE_REGISTRY_DIR/app/Console/Command/DatabaseTestShell.php" + + cat > $database_test_script <<"EOF" +error("Unable to connect to datasource"); + } + $this->out("Connected to datasource"); + } +} +EOF + + pushd "$COMANAGE_REGISTRY_DIR/app" > "$OUTPUT" 2>&1 + + # Loop until we are able to open a connection to the database. + echo "Testing database availability..." > "$OUTPUT" + until ./Console/cake databaseTest > "$OUTPUT" 2>&1; do + >&2 echo "Database is unavailable - sleeping" + sleep 1 + done + + rm -f "$database_test_script" + + echo "Database is available" > "$OUTPUT" + + popd > "$OUTPUT" 2>&1 +} diff --git a/docker-comanage-entrypoint b/docker-comanage-entrypoint new file mode 100755 index 0000000..3ffc233 --- /dev/null +++ b/docker-comanage-entrypoint @@ -0,0 +1,24 @@ +#!/bin/bash + +# COmanage Registry Dockerfile entrypoint +# +# Portions licensed to the University Corporation for Advanced Internet +# Development, Inc. ("UCAID") under one or more contributor license agreements. +# See the NOTICE file distributed with this work for additional information +# regarding copyright ownership. +# +# UCAID licenses this file to you under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with the +# License. You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +source /usr/local/lib/comanage_utils.sh + +comanage_utils::exec_apache_http_server "$@"