UETN recommendations

Dockerfile

@@ -1,14 +1,34 @@
-ARG from=centos:centos7
-FROM ${from}
+FROM centos:centos8
 
-RUN yum install -y openssl freeradius freeradius-mysql freeradius-utils php-common php-gd php-curl php-mysql mysql-server php-db mysql-client
-RUN yum install -y apache2 libapache2-mod-php php-mail php-mime php-pear
+RUN dnf install -y @freeradius freeradius-utils freeradius-mysql
 
+RUN ln -s /etc/raddb/mods-available/sql /etc/raddb/mods-enabled/
+RUN chgrp -h radiusd /etc/raddb/mods-enabled/sql
 
-# EPEL repository for freetds and hiredis
-RUN yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
+#RUN sed -i 's/\"rlm_sql_null\"/\"rlm_sql_mysql\"/' /etc/raddb/mods-available/sql \
+#&& sed -i 's/\"sqlite\"/\"mysql\"/' /etc/raddb/mods-available/sql \
+#&& sed -i '/server = \"localhost\"/s/^#*//g' /etc/raddb/mods-available/sql \
+#&& sed -i 's/\"localhost\"/\"${DB_HOST}\"/' /etc/raddb/mods-available/sql \
+#&& sed -i '/port = \"3306\"/s/^#*//g' /etc/raddb/mods-available/sql \
+#&& sed -i 's/\"3306\"/\"${DB_PORT}\"/' /etc/raddb/mods-available/sql \
+#&& sed -i '/login = \"radius\"/s/^#*//g' /etc/raddb/mods-available/sql \
+#&& sed -i 's/login = \"radius\"/login = \"${DB_USER}\"/' /etc/raddb/mods-available/sql \
+#&& sed -i '/password = \"SuperStrongPassword\"/s/^#*//g' /etc/raddb/mods-available/sql \
+#&& sed -i 's/\"SuperStrongPassword\"/\"${DB_PWD}\"/' /etc/raddb/mods-available/sql \
+#&& sed -i 's/radius_db = \"radius\"/radius_db = \"${DB_NAME}\"/' /etc/raddb/mods-available/sql
 
-COPY docker-entrypoint.sh /
+#RUN cat /etc/raddb/mods-available/sql
+
+
+#install httpd and php
+
+
+
+#install Daloradius
+
+
+COPY container_files/docker-entrypoint.sh /
+RUN chmod 755 /docker-entrypoint.sh
 
 EXPOSE 1812/udp 1813/udp
 ENTRYPOINT ["/docker-entrypoint.sh"]

Jenkinsfile

@@ -49,7 +49,7 @@ pipeline {
                 script {
                   try{
                       docker.withRegistry('https://registry.hub.docker.com/',   "dockerhub-$maintainer") {
-                        baseImg = docker.build("$maintainer/$imagename", "--build-arg GROUPER_CONTAINER_VERSION=$tag --no-cache .")
+                        baseImg = docker.build("$maintainer/$imagename", "--no-cache .")
                       }
                   } catch(error) {
                      def error_details = readFile('./debug');
@@ -103,6 +103,5 @@ def handleError(String message){
   echo "${message}"
   currentBuild.setResult("FAILED")
   slackSend color: 'danger', message: "${message}"
-  //step([$class: 'Mailer', notifyEveryUnstableBuild: true, recipients: 'chubing@internet2.edu', sendToIndividuals: true])
   sh 'exit 1'
 }

test-compose/db/Dockerfile

@@ -0,0 +1,49 @@
+FROM centos:centos8
+
+ARG DB_ROOT_PWD=SecretPassword
+ENV DB_ROOT_PWD=$DB_ROOT_PWD
+
+ARG DB_USER=radius
+ENV DB_USER=$DB_USER
+
+ARG DB_USER_PWD=password
+ENV DB_USER_PWD=$DB_USER_PWD
+
+ARG DB_NAME=radius
+ENV DB_NAME=$DB_NAME
+
+RUN dnf module install -y mariadb
+
+COPY container_files/rad-schema.sql /
+
+RUN mysql_install_db \
+    && chown -R mysql:mysql /var/lib/mysql/ \
+    && sed -i 's/^\(bind-address\s.*\)/# \1/' /etc/my.cnf \
+    && sed -i 's/^\(log_error\s.*\)/# \1/' /etc/my.cnf \
+    && sed -i 's/\[mysqld\]/\[mysqld\]\ncharacter_set_server = utf8/' /etc/my.cnf \
+    && sed -i 's/\[mysqld\]/\[mysqld\]\ncollation_server = utf8_general_ci/' /etc/my.cnf \
+    && sed -i 's/\[mysqld\]/\[mysqld\]\nport = 3306/' /etc/my.cnf \
+    && cat  /etc/my.cnf \
+    && echo "/usr/bin/mysqld_safe &" > /tmp/config \
+    && echo "mysqladmin --silent --wait=30 ping || exit 1" >> /tmp/config \
+    #steps performed by mysql_secure_installation
+    && echo "mysql -e 'UPDATE mysql.user SET Password=PASSWORD(\"${DB_ROOT_PWD}\") WHERE User=\"root\";'" >> /tmp/config \ 
+    && echo "mysql -e 'DELETE FROM mysql.user WHERE User=\"\";'" >> /tmp/config \
+    && echo "mysql -e 'DELETE FROM mysql.user WHERE User=\"root\" AND Host NOT IN (\"localhost\", \"127.0.0.1\", \"::1\");'" >> /tmp/config \
+    && echo "mysql -e 'DROP DATABASE IF EXISTS test;'" >> /tmp/config \
+    && echo "mysql -e 'DELETE FROM mysql.db WHERE Db=\"test\" OR Db=\"test\\_%\";'" >> /tmp/config \
+    && echo "mysql -e 'CREATE DATABASE ${DB_NAME};'" >> /tmp/config \
+    && echo "mysql -e 'GRANT ALL ON ${DB_NAME}.* TO ${DB_USER}@localhost IDENTIFIED BY \"${DB_USER_PWD}\";'" >> /tmp/config \
+    && echo "mysql -e 'FLUSH PRIVILEGES;'" >> /tmp/config \
+    && echo "mysql -u root --password=${DB_PWD} radius < /rad-schema.sql" >> /tmp/config \
+    && bash /tmp/config \
+    && rm -f /tmp/config
+
+
+#RUN (mysqld_safe & ) \
+#    && while ! curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to start; sleep 1; done; \
+#    bin/gsh -registry -check -runscript -noprompt
+
+EXPOSE 3306
+
+CMD mysqld_safe

test-compose/db/container_files/rad-schema.sql

@@ -0,0 +1,150 @@
+###########################################################################
+# $Id: 1059b115282ea738353fe4fbc8d92b03a338f8c1 $                 #
+#                                                                         #
+#  schema.sql                       rlm_sql - FreeRADIUS SQL Module       #
+#                                                                         #
+#     Database schema for MySQL rlm_sql module                            #
+#                                                                         #
+#     To load:                                                            #
+#         mysql -uroot -prootpass radius < schema.sql                     #
+#                                                                         #
+#                                   Mike Machado <mike@innercite.com>     #
+###########################################################################
+#
+# Table structure for table 'radacct'
+#
+
+CREATE TABLE radacct (
+  radacctid bigint(21) NOT NULL auto_increment,
+  acctsessionid varchar(64) NOT NULL default '',
+  acctuniqueid varchar(32) NOT NULL default '',
+  username varchar(64) NOT NULL default '',
+  realm varchar(64) default '',
+  nasipaddress varchar(15) NOT NULL default '',
+  nasportid varchar(15) default NULL,
+  nasporttype varchar(32) default NULL,
+  acctstarttime datetime NULL default NULL,
+  acctupdatetime datetime NULL default NULL,
+  acctstoptime datetime NULL default NULL,
+  acctinterval int(12) default NULL,
+  acctsessiontime int(12) unsigned default NULL,
+  acctauthentic varchar(32) default NULL,
+  connectinfo_start varchar(50) default NULL,
+  connectinfo_stop varchar(50) default NULL,
+  acctinputoctets bigint(20) default NULL,
+  acctoutputoctets bigint(20) default NULL,
+  calledstationid varchar(50) NOT NULL default '',
+  callingstationid varchar(50) NOT NULL default '',
+  acctterminatecause varchar(32) NOT NULL default '',
+  servicetype varchar(32) default NULL,
+  framedprotocol varchar(32) default NULL,
+  framedipaddress varchar(15) NOT NULL default '',
+  PRIMARY KEY (radacctid),
+  UNIQUE KEY acctuniqueid (acctuniqueid),
+  KEY username (username),
+  KEY framedipaddress (framedipaddress),
+  KEY acctsessionid (acctsessionid),
+  KEY acctsessiontime (acctsessiontime),
+  KEY acctstarttime (acctstarttime),
+  KEY acctinterval (acctinterval),
+  KEY acctstoptime (acctstoptime),
+  KEY nasipaddress (nasipaddress)
+) ENGINE = INNODB;
+
+#
+# Table structure for table 'radcheck'
+#
+
+CREATE TABLE radcheck (
+  id int(11) unsigned NOT NULL auto_increment,
+  username varchar(64) NOT NULL default '',
+  attribute varchar(64)  NOT NULL default '',
+  op char(2) NOT NULL DEFAULT '==',
+  value varchar(253) NOT NULL default '',
+  PRIMARY KEY  (id),
+  KEY username (username(32))
+);
+
+#
+# Table structure for table 'radgroupcheck'
+#
+
+CREATE TABLE radgroupcheck (
+  id int(11) unsigned NOT NULL auto_increment,
+  groupname varchar(64) NOT NULL default '',
+  attribute varchar(64)  NOT NULL default '',
+  op char(2) NOT NULL DEFAULT '==',
+  value varchar(253)  NOT NULL default '',
+  PRIMARY KEY  (id),
+  KEY groupname (groupname(32))
+);
+
+#
+# Table structure for table 'radgroupreply'
+#
+
+CREATE TABLE radgroupreply (
+  id int(11) unsigned NOT NULL auto_increment,
+  groupname varchar(64) NOT NULL default '',
+  attribute varchar(64)  NOT NULL default '',
+  op char(2) NOT NULL DEFAULT '=',
+  value varchar(253)  NOT NULL default '',
+  PRIMARY KEY  (id),
+  KEY groupname (groupname(32))
+);
+
+#
+# Table structure for table 'radreply'
+#
+
+CREATE TABLE radreply (
+  id int(11) unsigned NOT NULL auto_increment,
+  username varchar(64) NOT NULL default '',
+  attribute varchar(64) NOT NULL default '',
+  op char(2) NOT NULL DEFAULT '=',
+  value varchar(253) NOT NULL default '',
+  PRIMARY KEY  (id),
+  KEY username (username(32))
+);
+
+
+#
+# Table structure for table 'radusergroup'
+#
+
+CREATE TABLE radusergroup (
+  username varchar(64) NOT NULL default '',
+  groupname varchar(64) NOT NULL default '',
+  priority int(11) NOT NULL default '1',
+  KEY username (username(32))
+);
+
+#
+# Table structure for table 'radpostauth'
+#
+CREATE TABLE radpostauth (
+  id int(11) NOT NULL auto_increment,
+  username varchar(64) NOT NULL default '',
+  pass varchar(64) NOT NULL default '',
+  reply varchar(32) NOT NULL default '',
+  authdate timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+  PRIMARY KEY  (id)
+) ENGINE = INNODB;
+
+#
+# Table structure for table 'nas'
+#
+CREATE TABLE nas (
+  id int(10) NOT NULL auto_increment,
+  nasname varchar(128) NOT NULL,
+  shortname varchar(32),
+  type varchar(30) DEFAULT 'other',
+  ports int(5),
+  secret varchar(60) DEFAULT 'secret' NOT NULL,
+  server varchar(64),
+  community varchar(50),
+  description varchar(200) DEFAULT 'RADIUS Client',
+  PRIMARY KEY (id),
+  KEY nasname (nasname)
+);
+

test-compose/docker-compose.yml

@@ -0,0 +1,48 @@
+
+version: "3.3"
+
+services:
+  radius:
+    build:
+      context: ./radius/
+    depends_on:
+     - db
+    expose:
+     - "1812/udp"
+     - "1813/udp"
+     - "443"
+    networks:
+     - front
+     - back
+    ports:
+     - "1812/udp:1812/udp"
+     - "1813/udp:1813/udp"
+     - "443:443"
+
+  db:
+    build:
+      context: ./db/
+      args:
+        DB_USER: radius
+        DB_USER_PWD: MySecretPassword
+        DB_ROOT_PWD: MySecretPassword
+        DB_NAME: radius
+    expose:
+     - "3306"
+    networks:
+     - back
+    ports:
+     - "3306:3306"
+    volumes:
+     - radius_db:/var/lib/mysql
+
+  front:
+    driver: bridge
+  back:    
+    driver: bridge
+
+
+volumes:
+  radius_db:  
+    driver: local
+

test-compose/radius/Dockerfile

@@ -0,0 +1,6 @@
+FROM tier/eduroam-radius:3.0_20200221
+
+
+COPY container_files/rad-sql.cfg /etc/raddb/mods-available/sql
+
+