From 85ba0aedfb32583c29c966d5187c3da4830d5cc6 Mon Sep 17 00:00:00 2001 From: Scott Koranda Date: Fri, 10 Feb 2017 11:41:25 -0600 Subject: [PATCH] First commit --- comanage-registry/000-comanage.conf | 36 +++++++ comanage-registry/Dockerfile | 103 +++++++++++++++++++ comanage-registry/Dockerfile.template | 103 +++++++++++++++++++ comanage-registry/docker-comanage-entrypoint | 80 ++++++++++++++ 4 files changed, 322 insertions(+) create mode 100644 comanage-registry/000-comanage.conf create mode 100644 comanage-registry/Dockerfile create mode 100644 comanage-registry/Dockerfile.template create mode 100755 comanage-registry/docker-comanage-entrypoint diff --git a/comanage-registry/000-comanage.conf b/comanage-registry/000-comanage.conf new file mode 100644 index 0000000..f2c6938 --- /dev/null +++ b/comanage-registry/000-comanage.conf @@ -0,0 +1,36 @@ + + RewriteEngine On + RewriteCond %{HTTPS} off + RewriteRule ^ https://%{HTTP_HOST}:443%{REQUEST_URI} [R=302,L,QSA] + + + + + DocumentRoot /var/www/html + + RedirectMatch ^/$ /registry/ + + ErrorLog ${APACHE_LOG_DIR}/error.log + CustomLog ${APACHE_LOG_DIR}/access.log combined + + LogLevel warn + + Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains" + + SSLEngine on + SSLProtocol all -SSLv2 -SSLv3 + SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH + SSLHonorCipherOrder on + + SSLCertificateFile /etc/apache2/cert.pem + SSLCertificateKeyFile /etc/apache2/privkey.pem + SSLCertificateChainFile /etc/apache2/chain.pem + + + Options Indexes FollowSymLinks + DirectoryIndex index.php + AllowOverride All + Require all granted + + + diff --git a/comanage-registry/Dockerfile b/comanage-registry/Dockerfile new file mode 100644 index 0000000..0b6a2b5 --- /dev/null +++ b/comanage-registry/Dockerfile 
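Review bot: `Options Indexes FollowSymLinks` in the `/var/www/html` Directory block turns on automatic directory listings for every path under the document root that has no index file; the only thing this vhost needs is FollowSymLinks, so that the `registry` symlink the Dockerfile creates resolves, and `Options -Indexes +FollowSymLinks` is the tighter setting. `SSLProtocol all -SSLv2 -SSLv3` still admits TLS 1.0 and 1.1; if the httpd build in the base image accepts the names, `SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1` limits the listener to TLS 1.2, and the cipher list should be checked against the same build. The HSTS header with `includeSubDomains` and a two-year max-age is sent while the certificate chain points at the self-signed `ssl-cert-snakeoil` files linked in the Dockerfile, so a deployment that serves this image on a real hostname before swapping the certificate pins browsers to HTTPS for that host and all its subdomains; a comment above the `Header` line stating that the certificate files must be replaced before exposing the container would make the dependency explicit. The VirtualHost and Directory opening/closing tags appear to have been dropped in this rendering of the hunk, so the block boundaries above are inferred from indentation and directive order.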
@@ -0,0 +1,103 @@
+# Copyright (C) 2010-15 University Corporation for Advanced Internet Development, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed under
+# the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the specific language governing
+# permissions and limitations under the License.
+
+# Official PHP image with Apache HTTPD includes
+# --with-openssl
+# --with-mbstring
+# but xls, pdo, pdo_mysql, pdo_pgsql, mysqli, pgsql,
+# and ldap extensions must be built.
+FROM php:7.0-apache
+
+ARG COMANAGE_REGISTRY_VERSION=develop
+ARG COMANAGE_REGISTRY_SRC_URL=https://github.com/Internet2/comanage-registry/archive/$COMANAGE_REGISTRY_VERSION.tar.gz
+
+# Default values for first administrator bootstrapped
+# into the platform, most likely overridden at build time
+# using build arguments.
+ARG COMANAGE_REGISTRY_ADMIN_GIVEN_NAME=Registry
+ARG COMANAGE_REGISTRY_ADMIN_FAMILY_NAME=Admin
+ARG COMANAGE_REGISTRY_ADMIN_USERNAME=registry.admin
+ARG COMANAGE_REGISTRY_ENABLE_POOLING=No
+
+LABEL comanage_registry_version=$COMANAGE_REGISTRY_VERSION
+LABEL comanage_registry_src_url=$COMANAGE_REGISTRY_SRC_URL
+
+ENV COMANAGE_REGISTRY_DIR /srv/comanage-registry
+ENV COMANAGE_REGISTRY_ADMIN_GIVEN_NAME ${COMANAGE_REGISTRY_ADMIN_GIVEN_NAME}
+ENV COMANAGE_REGISTRY_ADMIN_FAMILY_NAME ${COMANAGE_REGISTRY_ADMIN_FAMILY_NAME}
+ENV COMANAGE_REGISTRY_ADMIN_USERNAME ${COMANAGE_REGISTRY_ADMIN_USERNAME}
+ENV COMANAGE_REGISTRY_ENABLE_POOLING ${COMANAGE_REGISTRY_ENABLE_POOLING}
+
+RUN apt-get update && apt-get install -y \
+ libldap-2.4-2 \
+ libldap2-dev \
+ libmysqlclient18 \
+ libmysqlclient-dev \
+ libpq-dev \
+ libxml2 \
+ libxslt1-dev \
+ libxslt1.1 \
+ ssl-cert \
+ wget \
+ zlib1g \
+ && docker-php-ext-configure pgsql -with-pgsql=/usr/local/pgsql \
+ && docker-php-ext-configure ldap --with-libdir=lib/x86_64-linux-gnu \
+ && docker-php-ext-configure mysqli --with-mysqli=/usr/bin/mysql_config \
+ && docker-php-ext-install xsl pdo pdo_mysql pdo_pgsql mysqli pgsql ldap \
+ && docker-php-source delete \
+ && apt-get purge -y \
+ libldap2-dev \
+ libmysqlclient-dev \
+ libpq-dev \
+ && apt-get clean
+
+COPY 000-comanage.conf /etc/apache2/sites-available/000-comanage.conf
+
+WORKDIR "$COMANAGE_REGISTRY_DIR"
+
+RUN mkdir -p "$COMANAGE_REGISTRY_DIR" \
+ && wget -O comanage.tar.gz $COMANAGE_REGISTRY_SRC_URL \
+ && tar -zxf comanage.tar.gz -C "$COMANAGE_REGISTRY_DIR" --strip-components=1 \
+ && rm -f comanage.tar.gz \
+ && rm -f "$COMANAGE_REGISTRY_DIR/app/tmp" \
+ && cp -r "$COMANAGE_REGISTRY_DIR/app/tmp.dist" "$COMANAGE_REGISTRY_DIR/app/tmp" \
+ && chown -R www-data:www-data "$COMANAGE_REGISTRY_DIR/app/tmp" \
+ && cd /var/www/html \
+ && ln -s "$COMANAGE_REGISTRY_DIR/app/webroot" registry \
+ && cd "$COMANAGE_REGISTRY_DIR" \
+ && rm -rf local \
+ && mkdir -p /local \
+ && ln -s /local local \
+ && a2enmod headers \
+ && a2enmod ssl \
+ && a2enmod rewrite \
+ && a2dissite 000-default.conf \
+ && a2ensite 000-comanage.conf \
+ && a2disconf other-vhosts-access-log \
+ && cd /etc/apache2 \
+ && ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem cert.pem \
+ && ln -s /etc/ssl/private/ssl-cert-snakeoil.key privkey.pem \
+ && ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem chain.pem \
+ && sed -ie 's/'"'"'engine'"'"' => '"'"'FileLog'"'"'/'"'"'engine'"'"' => '"'"'ConsoleLog'"'"'/' "$COMANAGE_REGISTRY_DIR/app/Config/bootstrap.php"
+
+COPY docker-comanage-entrypoint /usr/local/bin/
+
+# expose COmanage Registry local directory
+VOLUME ["/local"]
+
+ENTRYPOINT ["docker-comanage-entrypoint"]
+
+WORKDIR /var/www/html
+
+EXPOSE 80 443
+
+CMD ["apache2-foreground"]
diff --git a/comanage-registry/Dockerfile.template b/comanage-registry/Dockerfile.template
new file mode 100644
index 0000000..4afe1ac
--- /dev/null
+++ b/comanage-registry/Dockerfile.template
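Review bot: The `wget -O comanage.tar.gz $COMANAGE_REGISTRY_SRC_URL` step in the second RUN unpacks the application source with no integrity check, and the default `COMANAGE_REGISTRY_VERSION=develop` names a moving branch, so two builds of the same Dockerfile can yield different images with nothing recording what went in; defaulting to a release tag and verifying the archive before `tar` (for example `echo "<expected-sha256>  comanage.tar.gz" | sha256sum -c -`, with the digest passed as a build argument) makes the build reproducible and tamper-evident. The closing `sed -ie '...'` is read by GNU sed as `-i` with backup suffix `e`, which leaves a stray `bootstrap.phpe` copy beside the edited file; `sed -i -e '...'` is what was intended. The apt step installs with a bare `apt-get install -y` and finishes with `apt-get clean` but never removes `/var/lib/apt/lists/*`, so `--no-install-recommends` plus `&& rm -rf /var/lib/apt/lists/*` would cut image size without changing behaviour. The `ENV KEY value` lines use the legacy space-separated form; `ENV KEY=value` is the current syntax. All of these apply equally to the Dockerfile.template hunk that follows.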
@@ -0,0 +1,103 @@
+# Copyright (C) 2010-15 University Corporation for Advanced Internet Development, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed under
+# the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the specific language governing
+# permissions and limitations under the License.
+
+# Official PHP image with Apache HTTPD includes
+# --with-openssl
+# --with-mbstring
+# but xls, pdo, pdo_mysql, pdo_pgsql, mysqli, pgsql,
+# and ldap extensions must be built.
+FROM php:7.0-apache
+
+ARG COMANAGE_REGISTRY_VERSION=%%COMANAGE_REGISTRY_VERSION%%
+ARG COMANAGE_REGISTRY_SRC_URL=https://github.com/Internet2/comanage-registry/archive/$COMANAGE_REGISTRY_VERSION.tar.gz
+
+# Default values for first administrator bootstrapped
+# into the platform, most likely overridden at build time
+# using build arguments.
+ARG COMANAGE_REGISTRY_ADMIN_GIVEN_NAME=Registry
+ARG COMANAGE_REGISTRY_ADMIN_FAMILY_NAME=Admin
+ARG COMANAGE_REGISTRY_ADMIN_USERNAME=registry.admin
+ARG COMANAGE_REGISTRY_ENABLE_POOLING=No
+
+LABEL comanage_registry_version=$COMANAGE_REGISTRY_VERSION
+LABEL comanage_registry_src_url=$COMANAGE_REGISTRY_SRC_URL
+
+ENV COMANAGE_REGISTRY_DIR /srv/comanage-registry
+ENV COMANAGE_REGISTRY_ADMIN_GIVEN_NAME ${COMANAGE_REGISTRY_ADMIN_GIVEN_NAME}
+ENV COMANAGE_REGISTRY_ADMIN_FAMILY_NAME ${COMANAGE_REGISTRY_ADMIN_FAMILY_NAME}
+ENV COMANAGE_REGISTRY_ADMIN_USERNAME ${COMANAGE_REGISTRY_ADMIN_USERNAME}
+ENV COMANAGE_REGISTRY_ENABLE_POOLING ${COMANAGE_REGISTRY_ENABLE_POOLING}
+
+RUN apt-get update && apt-get install -y \
+ libldap-2.4-2 \
+ libldap2-dev \
+ libmysqlclient18 \
+ libmysqlclient-dev \
+ libpq-dev \
+ libxml2 \
+ libxslt1-dev \
+ libxslt1.1 \
+ ssl-cert \
+ wget \
+ zlib1g \
+ && docker-php-ext-configure pgsql -with-pgsql=/usr/local/pgsql \
+ && docker-php-ext-configure ldap --with-libdir=lib/x86_64-linux-gnu \
+ && docker-php-ext-configure mysqli --with-mysqli=/usr/bin/mysql_config \
+ && docker-php-ext-install xsl pdo pdo_mysql pdo_pgsql mysqli pgsql ldap \
+ && docker-php-source delete \
+ && apt-get purge -y \
+ libldap2-dev \
+ libmysqlclient-dev \
+ libpq-dev \
+ && apt-get clean
+
+COPY 000-comanage.conf /etc/apache2/sites-available/000-comanage.conf
+
+WORKDIR "$COMANAGE_REGISTRY_DIR"
+
+RUN mkdir -p "$COMANAGE_REGISTRY_DIR" \
+ && wget -O comanage.tar.gz $COMANAGE_REGISTRY_SRC_URL \
+ && tar -zxf comanage.tar.gz -C "$COMANAGE_REGISTRY_DIR" --strip-components=1 \
+ && rm -f comanage.tar.gz \
+ && rm -f "$COMANAGE_REGISTRY_DIR/app/tmp" \
+ && cp -r "$COMANAGE_REGISTRY_DIR/app/tmp.dist" "$COMANAGE_REGISTRY_DIR/app/tmp" \
+ && chown -R www-data:www-data "$COMANAGE_REGISTRY_DIR/app/tmp" \
+ && cd /var/www/html \
+ && ln -s "$COMANAGE_REGISTRY_DIR/app/webroot" registry \
+ && cd "$COMANAGE_REGISTRY_DIR" \
+ && rm -rf local \
+ && mkdir -p /local \
+ && ln -s /local local \
+ && a2enmod headers \
+ && a2enmod ssl \
+ && a2enmod rewrite \
+ && a2dissite 000-default.conf \
+ && a2ensite 000-comanage.conf \
+ && a2disconf other-vhosts-access-log \
+ && cd /etc/apache2 \
+ && ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem cert.pem \
+ && ln -s /etc/ssl/private/ssl-cert-snakeoil.key privkey.pem \
+ && ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem chain.pem \
+ && sed -ie 's/'"'"'engine'"'"' => '"'"'FileLog'"'"'/'"'"'engine'"'"' => '"'"'ConsoleLog'"'"'/' "$COMANAGE_REGISTRY_DIR/app/Config/bootstrap.php"
+
+COPY docker-comanage-entrypoint /usr/local/bin/
+
+# expose COmanage Registry local directory
+VOLUME ["/local"]
+
+ENTRYPOINT ["docker-comanage-entrypoint"]
+
+WORKDIR /var/www/html
+
+EXPOSE 80 443
+
+CMD ["apache2-foreground"]
diff --git a/comanage-registry/docker-comanage-entrypoint b/comanage-registry/docker-comanage-entrypoint
new file mode 100755
index 0000000..99700db
--- /dev/null
+++ b/comanage-registry/docker-comanage-entrypoint
@@ -0,0 +1,80 @@ +#!/bin/bash + +# Copyright (C) 2010-15 University Corporation for Advanced Internet Development, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software distributed under +# the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the specific language governing +# permissions and limitations under the License. + +# Database initialization or schema management using adodb +# is idempotent so we always run it at startup. +pushd "$COMANAGE_REGISTRY_DIR/app" > /dev/null 2>&1 +./Console/cake database > /dev/null 2>&1 +popd > /dev/null 2>&1 + +# We only want to run the setup script once since it creates +# state in the database. Until COmanage Registry has a better +# mechanism for telling us if setup has already been run +# we create an ephemeral CakePHP script to tell us. +SETUP_ALREADY_SCRIPT="$COMANAGE_REGISTRY_DIR/app/Console/Command/SetupAlreadyShell.php" + +cat >> $SETUP_ALREADY_SCRIPT <<"EOF" +Co->find('first', $args); + + if(!empty($co)) { + $this->error('Setup already'); + } + } +} +EOF + +pushd /srv/comanage-registry/app > /dev/null 2>&1 +./Console/cake setupAlready > /dev/null 2>&1 +setup_already=$? 
+
+rm -f "$SETUP_ALREADY_SCRIPT"
+
+if [ $setup_already -eq 0 ]; then
+ rm -f "$COMANAGE_REGISTRY_DIR/local/Config/security.salt" > /dev/null 2>&1
+ rm -f "$COMANAGE_REGISTRY_DIR/local/Config/security.seed" > /dev/null 2>&1
+ ./Console/cake setup --admin-given-name "${COMANAGE_REGISTRY_ADMIN_GIVEN_NAME}" \
+ --admin-family-name "${COMANAGE_REGISTRY_ADMIN_FAMILY_NAME}" \
+ --admin-username "${COMANAGE_REGISTRY_ADMIN_USERNAME}" \
+ --enable-pooling "${COMANAGE_REGISTRY_ENABLE_POOLING}" > /dev/null 2>&1
+fi
+
+popd > /dev/null 2>&1
+
+# Running CakePHP console commands generates cache files so
+# set the ownership of those files appropriately.
+chown -R www-data:www-data "$COMANAGE_REGISTRY_DIR/app/tmp"
+
+# Make sure the directory structure we need is available
+# in the data volume for $COMANAGE_REGISTRY_DIR/local
+mkdir -p "$COMANAGE_REGISTRY_DIR/local/Config"
+mkdir -p "$COMANAGE_REGISTRY_DIR/local/Plugin"
+mkdir -p "$COMANAGE_REGISTRY_DIR/local/View/Pages/public"
+mkdir -p "$COMANAGE_REGISTRY_DIR/local/webroot/img"
+
+# first arg is `-f` or `--some-option`
+if [ "${1#-}" != "$1" ]; then
+ set -- apache2-foreground "$@"
+fi
+
+exec "$@"
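Review bot: Every cake invocation in this script — `./Console/cake database`, `./Console/cake setupAlready` and `./Console/cake setup` — has stdout and stderr redirected to `/dev/null`, and only the second one's exit status is examined, so a failed schema load or a failed bootstrap (unreachable database, bad credentials) leaves no trace in the container log and `exec "$@"` still starts Apache against an uninitialised database; letting stderr through, or testing `$?` after `database` and `setup` and exiting non-zero, would surface the failure to the operator and the orchestrator. The `setupAlready` check presumably exits non-zero both when a CO already exists (`$this->error('Setup already')`) and when the check itself fails to run, so `if [ $setup_already -eq 0 ]` skips bootstrap on any error — the safe direction, but worth stating with a comment such as `# a non-zero status also covers a failed check; bootstrap is skipped in that case`. `cat >> $SETUP_ALREADY_SCRIPT` appends, so if an earlier start was interrupted before the `rm -f` the file carries two copies of the class and the check fails; `cat > "$SETUP_ALREADY_SCRIPT"` makes it self-healing and quotes the path. `pushd /srv/comanage-registry/app` hardcodes the directory that every other line derives from `$COMANAGE_REGISTRY_DIR`. The heredoc body appears truncated in this rendering of the hunk, so the shell class itself is not reviewed here.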