From 1712a120cbf9ceeaae8cfe30a3264506f4360506 Mon Sep 17 00:00:00 2001
From: Scott Koranda <skoranda@gmail.com>
Date: Fri, 4 May 2018 09:07:02 -0500
Subject: [PATCH] Add TIER beacon functionality

Add the TIER beacon functionality to the TIER COmanage Registry
image.
---
 comanage-registry-internet2-tier/Dockerfile   | 24 ++++++++-
 .../docker-supervisord-entrypoint             |  7 +++
 .../sendtierbeacon.sh                         | 49 +++++++++++++++++++
 comanage-registry-internet2-tier/setupcron.sh | 29 +++++++++++
 .../supervisord.conf                          |  7 +++
 5 files changed, 115 insertions(+), 1 deletion(-)
 create mode 100755 comanage-registry-internet2-tier/sendtierbeacon.sh
 create mode 100755 comanage-registry-internet2-tier/setupcron.sh

diff --git a/comanage-registry-internet2-tier/Dockerfile b/comanage-registry-internet2-tier/Dockerfile
index c720cb9..6abb497 100644
--- a/comanage-registry-internet2-tier/Dockerfile
+++ b/comanage-registry-internet2-tier/Dockerfile
@@ -88,6 +88,7 @@ RUN yum -y install epel-release
 COPY shibboleth.repo /etc/yum.repos.d/
 
 RUN yum -y update && yum -y install \
+        cronie \
         httpd \
         libargon2 \
         libcurl \
@@ -113,6 +114,7 @@ COPY --from=php-build /usr/local/bin /usr/local/bin/
 
 ARG COMANAGE_REGISTRY_VERSION
 ARG COMANAGE_REGISTRY_SRC_URL=https://github.com/Internet2/comanage-registry/archive/${COMANAGE_REGISTRY_VERSION}.tar.gz
+ENV COMANAGE_REGISTRY_VERSION ${COMANAGE_REGISTRY_VERSION}
 
 LABEL comanage_registry_version=${COMANAGE_REGISTRY_VERSION}
 LABEL comanage_registry_src_url=${COMANAGE_REGISTRY_SRC_URL}
@@ -140,12 +142,17 @@ COPY supervisord.conf /usr/local/etc/supervisord.conf
 COPY shibd.logger /etc/shibboleth/
 COPY native.logger /etc/shibboleth/
 COPY httpd.conf /etc/httpd/conf/
+COPY sendtierbeacon.sh /usr/local/bin/sendtierbeacon.sh
+COPY setupcron.sh /usr/local/bin/setupcron.sh
 
 RUN cd /etc/httpd/conf.d \
     && rm -f autoindex.conf ssl.conf userdir.conf welcome.conf \
     && cd /etc/httpd \
     && ln -s /etc/pki/tls/certs/localhost.crt cert.pem \
-    && ln -s /etc/pki/tls/private/localhost.key privkey.pem
+    && ln -s /etc/pki/tls/private/localhost.key privkey.pem \
+    && chmod 755 /usr/local/bin/sendtierbeacon.sh \
+    && chmod 755 /usr/local/bin/setupcron.sh \
+    && /usr/local/bin/setupcron.sh
 
 # Allow values for first administrator bootstrapped into the
 # platform to be specified at image build time, in addition to
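Review bot: Calling `/usr/local/bin/setupcron.sh` at the end of this `RUN` step evaluates `$RANDOM` once, at image build time, so the chosen minute and hour are baked into the image layer. Every container started from the same image would then send its beacon at the same moment, which defeats the random spread the script is meant to provide. Consider dropping `&& /usr/local/bin/setupcron.sh` from the `RUN` chain and invoking the script from `docker-supervisord-entrypoint` before supervisord starts, so each container picks its own time.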
@@ -172,4 +179,19 @@ COPY docker-comanage-entrypoint /usr/local/bin/
 COPY docker-comanage-shibboleth-sp-entrypoint /usr/local/bin/
 COPY docker-supervisord-entrypoint /usr/local/bin/
 
+# TIER Beacon Opt-out
+#
+# Completely uncomment the following ENV line to prevent the containers from
+# sending analytics information to Internet2.  With the default/release
+# configuration, it will only send product (Shibb/Grouper/COmanage) and version
+# (3.3.1-17040, etc) once daily between midnight and 4am.  There is no
+# configuration or private information collected or sent.  This data helps with
+# the scaling and funding of TIER.  Please do not disable it if you find the
+# TIER tools useful.  To keep it commented, keep multiple comments on the
+# following line (to prevent other scripts from processing it).
+#####     ENV TIER_BEACON_OPT_OUT True
+
+ENV TIER_RELEASE=180501
+ENV TIER_MAINTAINER=tier
+
 ENTRYPOINT ["docker-supervisord-entrypoint"]
diff --git a/comanage-registry-internet2-tier/docker-supervisord-entrypoint b/comanage-registry-internet2-tier/docker-supervisord-entrypoint
index 2a61c78..8000116 100755
--- a/comanage-registry-internet2-tier/docker-supervisord-entrypoint
+++ b/comanage-registry-internet2-tier/docker-supervisord-entrypoint
@@ -68,6 +68,13 @@ rm -f /tmp/logsuperd > "$OUTPUT" 2>&1
 mkfifo -m 666 /tmp/logsuperd > "$OUTPUT" 2>&1
 (cat <> /tmp/logsuperd | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "supervisord;console;%s;%s;%s\n", ENV, UT, $0; fflush()}' 1>/tmp/logpipe 2>&1)&
 
+# Format any output from cron into standard TIER form.
+rm -f /var/log/cron > "$OUTPUT" 2>&1
+rm -f /tmp/logcrond > "$OUTPUT" 2>&1
+mkfifo -m 666 /tmp/logcrond > "$OUTPUT" 2>&1
+ln -s /tmp/logcrond /var/log/cron > "$OUTPUT" 2>&1
+(cat <> /tmp/logcrond | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "crond;cron;%s;%s;%s\n", ENV, UT, $0; fflush()}' 1>/tmp/logpipe 2>&1)&
+
 # Close stdout and stderr for this process since supervisord will write
 # to its logfile and its children are configured to write to different
 # pipes.
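Review bot: `mkfifo -m 666 /tmp/logcrond` creates the cron log FIFO world-writable at a fixed /tmp path, so any account inside the container can write lines that the `awk` formatter stamps as `crond;cron;…` and forwards to /tmp/logpipe. If only root-run processes (crond via supervisord) need to write to it, which is what the supervisord.conf change in this commit suggests, `mkfifo -m 600 /tmp/logcrond` would keep the cron log stream from being forged. The existing `logsuperd` FIFO in the context lines uses the same mode, so it may be worth tightening both together.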
diff --git a/comanage-registry-internet2-tier/sendtierbeacon.sh b/comanage-registry-internet2-tier/sendtierbeacon.sh
new file mode 100755
index 0000000..63e27f9
--- /dev/null
+++ b/comanage-registry-internet2-tier/sendtierbeacon.sh
@@ -0,0 +1,49 @@
+#!/bin/bash
+
+# COmanage Regsitry script to send TIER beacon
+#
+# Portions licensed to the University Corporation for Advanced Internet
+# Development, Inc. ("UCAID") under one or more contributor license agreements.
+# See the NOTICE file distributed with this work for additional information
+# regarding copyright ownership.
+#
+# UCAID licenses this file to you under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with the
+# License. You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+LOGHOST="collector.testbed.tier.internet2.edu"
+LOGPORT="5001"
+
+messagefile="/tmp/beaconmsg"
+
+if [ -z "$TIER_BEACON_OPT_OUT" ]; then
+    cat > $messagefile <<EOF
+{
+    "msgType"          : "TIERBEACON",
+    "msgName"          : "TIER",
+    "msgVersion"       : "1.0",
+    "tbProduct"        : "COmanage Registry",
+    "tbProductVersion" : "$COMANAGE_REGISTRY_VERSION",
+    "tbTIERRelease"    : "$TIER_RELEASE",
+    "tbMaintainer"     : "$TIER_MAINTAINER"
+}
+EOF
+
+    curl -s -XPOST "${LOGHOST}:${LOGPORT}/" -H 'Content-Type: application/json' -T $messagefile 1>/dev/null 2>&1
+    if [ $? -eq 0 ]; then
+        echo "tier_beacon;none;$ENV;$USERTOKEN;"`date`"; TIER beacon sent"
+    else
+        echo "tier_beacon;none;$ENV;$USERTOKEN;"`date`"; Failed to send TIER beacon"
+    fi
+
+    rm -f $messagefile 1>/dev/null 2>&1
+  
+fi
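Review bot: `messagefile="/tmp/beaconmsg"` is a fixed, predictable path that the job truncates with `cat > $messagefile`. If the job runs as root, as the crontab installed during the image build suggests, another account in the container that can create files in /tmp could pre-place a symlink there and have its target overwritten. Creating the file with `mktemp`, quoting the expansion and removing it from an `EXIT` trap closes that hole. Separately, `curl -s` without `--fail` exits 0 on an HTTP 4xx/5xx reply, so "TIER beacon sent" is logged even when the collector rejects the post. There is also no `--max-time`, so an unreachable collector can stall the job.

```shell
# … unchanged: LOGHOST/LOGPORT and the TIER_BEACON_OPT_OUT test …
    messagefile=$(mktemp) || exit 1
    trap 'rm -f -- "$messagefile"' EXIT
    # … unchanged: here-document, now written to "$messagefile" …
    if curl -s --fail --max-time 30 -X POST "${LOGHOST}:${LOGPORT}/" \
        -H 'Content-Type: application/json' \
        --data-binary "@${messagefile}" >/dev/null 2>&1; then
        echo "tier_beacon;none;$ENV;$USERTOKEN;$(date); TIER beacon sent"
    else
        echo "tier_beacon;none;$ENV;$USERTOKEN;$(date); Failed to send TIER beacon"
    fi
```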
diff --git a/comanage-registry-internet2-tier/setupcron.sh b/comanage-registry-internet2-tier/setupcron.sh
new file mode 100755
index 0000000..3f45f05
--- /dev/null
+++ b/comanage-registry-internet2-tier/setupcron.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+# COmanage Registry shell script to install TIER beacon crontab
+#
+# Portions licensed to the University Corporation for Advanced Internet
+# Development, Inc. ("UCAID") under one or more contributor license agreements.
+# See the NOTICE file distributed with this work for additional information
+# regarding copyright ownership.
+#
+# UCAID licenses this file to you under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with the
+# License. You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+CRONFILE=/tmp/cronfile
+
+# Build and install crontab file with random start time
+# between midnight and 3:59am.
+echo "#send daily beacon to TIER Central" > ${CRONFILE}
+echo $(expr $RANDOM % 59) $(expr $RANDOM % 3) "* * * /usr/local/bin/sendtierbeacon.sh >> /tmp/logpipe 2>&1" >> ${CRONFILE}
+chmod 644 ${CRONFILE}
+crontab ${CRONFILE}
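Review bot: The crontab entry written here starts `sendtierbeacon.sh` with no environment assignments, and cron daemons normally run jobs with a minimal environment rather than the container's. `TIER_BEACON_OPT_OUT`, `COMANAGE_REGISTRY_VERSION`, `TIER_RELEASE` and `TIER_MAINTAINER` may therefore all be empty when the job fires, in which case the opt-out is silently ignored and the beacon carries blank fields; this should be confirmed against cronie. One way to close it is to generate the crontab at container start and write the needed `NAME=value` lines at its top. Separately, `$RANDOM % 59` and `$RANDOM % 3` yield minutes 0–58 and hours 0–2, so the window ends at 02:58 rather than the 3:59am stated in the comment; `$(( RANDOM % 60 )) $(( RANDOM % 4 ))` would match it. `${CRONFILE}` is also a fixed /tmp path that is left in place after `crontab` has read it.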
diff --git a/comanage-registry-internet2-tier/supervisord.conf b/comanage-registry-internet2-tier/supervisord.conf
index c79698e..6130af4 100644
--- a/comanage-registry-internet2-tier/supervisord.conf
+++ b/comanage-registry-internet2-tier/supervisord.conf
@@ -36,3 +36,10 @@ stdout_logfile=/tmp/logshibd
 stdout_logfile_maxbytes=0
 stderr_logfile=/tmp/logshibd
 stderr_logfile_maxbytes=0
+
+[program:crond]
+command=/usr/sbin/crond -i -m off -n
+stdout_logfile=/tmp/logcrond
+stdout_logfile_maxbytes=0
+stderr_logfile=/tmp/logcrond
+stderr_logfile_maxbytes=0