Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Loading status checks…
Merging grouper_noVM into grouper master
@chubing
chubing committed Apr 4, 2018
1 parent 4d78613 commit 1893330
Showing 103 changed files with 23,277 additions and 659 deletions.
200 changes: 129 additions & 71 deletions Dockerfile
View file
@@ -1,73 +1,131 @@
FROM centos:centos7 as installing

RUN yum update -y \
&& yum install -y wget tar unzip dos2unix \
&& yum clean all

ENV GROUPER_VERSION=2.3.0 \
JAVA_HOME=/opt/java

RUN java_version=8.0.131; \
zulu_version=8.21.0.1; \
echo 'Downloading the OpenJDK Zulu...' \
&& wget -q http://cdn.azul.com/zulu/bin/zulu$zulu_version-jdk$java_version-linux_x64.tar.gz \
&& echo "1931ed3beedee0b16fb7fd37e069b162 zulu$zulu_version-jdk$java_version-linux_x64.tar.gz" | md5sum -c - \
&& tar -zxvf zulu$zulu_version-jdk$java_version-linux_x64.tar.gz -C /opt \
&& ln -s /opt/zulu$zulu_version-jdk$java_version-linux_x64 $JAVA_HOME

#RUN java_version=8u151; \
# java_bnumber=12; \
# java_semver=1.8.0_151; \
# java_hash=123b1d755416aa7579abc03f01ab946e612e141b6f7564130f2ada00ed913f1d; \
# echo 'Downloading the Oracle Java...' \
# && wget --no-check-certificate --no-cookies --header "Cookie: oraclelicense=accept-securebackup-cookie" \
# http://download.oracle.com/otn-pub/java/jdk/$java_version-b$java_bnumber/e758a0de34e24606bca991d704f6dcbf/server-jre-$java_version-linux-x64.tar.gz \
# && echo "$java_hash server-jre-$java_version-linux-x64.tar.gz" | sha256sum -c - \
# && tar -zxvf server-jre-$java_version-linux-x64.tar.gz -C /opt \
# && ln -s /opt/jdk$java_semver/ $JAVA_HOME

RUN echo 'Downloading Grouper Installer...' \
&& mkdir -p /opt/grouper/$GROUPER_VERSION \
&& wget -q -O /opt/grouper/$GROUPER_VERSION/grouperInstaller.jar http://software.internet2.edu/grouper/release/$GROUPER_VERSION/grouperInstaller.jar

COPY container_files/grouper.installer.properties /opt/grouper/$GROUPER_VERSION

RUN echo 'Installing Grouper'; \
PATH=$PATH:$JAVA_HOME/bin; \
cd /opt/grouper/$GROUPER_VERSION/ \
&& $JAVA_HOME/bin/java -cp :grouperInstaller.jar edu.internet2.middleware.grouperInstaller.GrouperInstaller



FROM centos:centos7 as cleanup

ENV GROUPER_VERSION=2.3.0 \
TOMCAT_VERSION=8.5.12 \
TOMEE_VERSION=7.0.0

COPY --from=installing /opt/grouper/$GROUPER_VERSION/grouperInstaller.jar /opt/grouper/
COPY --from=installing /opt/grouper/$GROUPER_VERSION/grouper.apiBinary-$GROUPER_VERSION/ /opt/grouper/grouper.apiBinary/
COPY --from=installing /opt/grouper/$GROUPER_VERSION/grouper.ui-$GROUPER_VERSION/dist/grouper/ /opt/grouper/grouper.ui/
COPY --from=installing /opt/grouper/$GROUPER_VERSION/grouper.ws-$GROUPER_VERSION/grouper-ws/build/dist/grouper-ws/ /opt/grouper/grouper.ws/
COPY --from=installing /opt/grouper/$GROUPER_VERSION/grouper.ws-$GROUPER_VERSION/grouper-ws-scim/targetBuiltin/grouper-ws-scim/ /opt/grouper/grouper.scim/
#COPY --from=installing /opt/grouper/$GROUPER_VERSION/grouper.clientBinary-$GROUPER_VERSION/ /opt/grouper/grouper.clientBinary/
COPY --from=installing /opt/grouper/$GROUPER_VERSION/apache-tomcat-$TOMCAT_VERSION/ /opt/tomcat/
COPY --from=installing /opt/grouper/$GROUPER_VERSION/apache-tomee-webprofile-$TOMEE_VERSION/ /opt/tomee/

ADD http://central.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.11.0/log4j-core-2.11.0.jar /opt/tomcat/bin
ADD http://central.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.11.0/log4j-api-2.11.0.jar /opt/tomcat/bin
ADD http://central.maven.org/maven2/org/apache/logging/log4j/log4j-jul/2.11.0/log4j-jul-2.11.0.jar /opt/tomcat/bin

ADD http://central.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.11.0/log4j-core-2.11.0.jar /opt/tomee/bin
ADD http://central.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.11.0/log4j-api-2.11.0.jar /opt/tomee/bin
ADD http://central.maven.org/maven2/org/apache/logging/log4j/log4j-jul/2.11.0/log4j-jul-2.11.0.jar /opt/tomee/bin

RUN cd /opt/grouper/grouper.apiBinary/; \
rm -fr ddlScripts/ grouper.lck grouper.log grouper.script grouper.tmp/ gshAddGrouperSystemWsGroup.gsh logs/

RUN cd /opt/tomcat/; \
chmod +r bin/log4j-*.jar; \
rm -fr webapps/docs/ webapps/examples/ webapps/host-manager/ webapps/manager/ logs/* temp/* work/* conf/logging.properties

RUN cd /opt/tomee/; \
chmod +r bin/log4j-*.jar; \
rm -fr webapps/docs/ webapps/host-manager/ webapps/manager/ logs/* temp/* work/* conf/logging.properties

COPY container_files/api/* /opt/grouper/grouper.apiBinary/conf/
COPY container_files/ui/ /opt/grouper/grouper.ui/WEB-INF/
COPY container_files/ws/ /opt/grouper/grouper.ws/WEB-INF/
COPY container_files/tomcat/ /opt/tomcat/
COPY container_files/tomee/ /opt/tomee/


FROM tier/shibboleth_sp

# Define args and set a default value
ARG maintainer=tier
ARG imagename=grouper
ARG version=2.3.0
ARG tierversion=17070

MAINTAINER $maintainer
LABEL Vendor="Internet2"
LABEL ImageType="Base"
LABEL ImageName=$imagename
LABEL ImageOS=centos7
LABEL Version=$version

ENV VERSION=$version
ENV TIERVERSION=$tierversion
ENV IMAGENAME=$imagename
ENV MAINTAINER=$maintainer

ENV TOMCAT_VERSION="8.5.12"
ENV WAIT_TIME=60

LABEL Build docker build --rm --tag $maintainer/$imagename .

ADD container_files /opt
ONBUILD ADD additional_container_files /opt

RUN mkdir -p /opt/grouper/$VERSION \
&& mv /opt/etc/grouper.installer.properties /opt/grouper/$VERSION/. \
&& mv /opt/etc/MariaDB.repo /etc/yum.repos.d/MariaDB.repo \
&& curl -o /opt/grouper/$VERSION/grouperInstaller.jar https://software.internet2.edu/grouper/release/$VERSION/grouperInstaller.jar \
&& yum -y update \
&& yum -y install --setopt=tsflags=nodocs \
dos2unix \
MariaDB-client \
telnet \
emacs \
mlocate \
&& yum clean all \
&& /opt/autoexec/bin/onbuild.sh \
&& rm /opt/grouper/$version/grouper.apiBinary-$version/conf/grouper.hibernate.properties && \
cp /opt/etc/grouper.hibernate.pointer.properties /opt/grouper/$version/grouper.apiBinary-$version/conf/grouper.hibernate.properties && \
rm /opt/grouper/$version/grouper.ws-$version/grouper-ws/build/dist/grouper-ws/WEB-INF/classes/grouper.hibernate.properties && \
cp /opt/etc/grouper.hibernate.pointer.properties /opt/grouper/$version/grouper.ws-$version/grouper-ws/build/dist/grouper-ws/WEB-INF/classes/grouper.hibernate.properties && \
rm /opt/grouper/$version/grouper.ui-$version/dist/grouper/WEB-INF/classes/grouper.hibernate.properties && \
cp /opt/etc/grouper.hibernate.pointer.properties /opt/grouper/$version/grouper.ui-$version/dist/grouper/WEB-INF/classes/grouper.hibernate.properties && \
ln -sf /opt/bin/run.sh /usr/local/bin/run.sh && \
updatedb

#/opt/grouper/2.3.0/grouper.apiBinary-2.3.0/conf/grouper.hibernate.properties

# Export this variable so that shibd can find it's CURL library
RUN LD_LIBRARY_PATH="/opt/shibboleth/lib64"
RUN export LD_LIBRARY_PATH

# The installer creates a HSQL DB which we ignore later

WORKDIR /opt/grouper/$version

#VOLUME /opt/grouper/2.3.0/apache-tomcat-$TOMCAT_VERSION/logs

EXPOSE 8080 8009 8005

ADD files/bin/setenv.sh /opt/tier/setenv.sh
RUN chmod +x /opt/tier/setenv.sh
ADD files/bin/startup.sh /usr/bin/startup.sh
RUN chmod +x /usr/bin/startup.sh
ADD files/bin/sendtierbeacon.sh /usr/bin/sendtierbeacon.sh
RUN chmod +x /usr/bin/sendtierbeacon.sh


CMD ["/usr/bin/startup.sh"]
LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
Vendor="TIER" \
ImageType="Grouper" \
ImageName=$imagename \
ImageOS=centos7

ENV JAVA_HOME=/opt/java \
PATH=$PATH:$JAVA_HOME/bin \
GROUPER_HOME=/opt/grouper/grouper.apiBinary

RUN ln -sf /usr/share/zoneinfo/UTC /etc/localtime

RUN yum update -y \
&& yum install -y cron logrotate python-pip \
&& pip install --upgrade pip \
&& pip install supervisor \
&& yum clean -y all

COPY --from=installing $JAVA_HOME $JAVA_HOME
COPY --from=cleanup /opt/tomcat/ /opt/tomcat/
COPY --from=cleanup /opt/tomee/ /opt/tomee/
COPY --from=cleanup /opt/grouper/ /opt/grouper/

RUN groupadd -r tomcat \
&& useradd -r -m -s /sbin/nologin -g tomcat tomcat \
&& mkdir -p /opt/tomcat/logs/ /opt/tomcat/temp/ /opt/tomcat/work/ \
&& chown -R tomcat:tomcat /opt/tomcat/logs/ /opt/tomcat/temp/ /opt/tomcat/work/ \
&& chown -R tomcat:tomcat /opt/tomee/logs/ /opt/tomee/temp/ /opt/tomee/work/

COPY container_files/tier-support/ /opt/tier-support/
COPY container_files/usr-local-bin/ /usr/local/bin/
COPY container_files/httpd/* /etc/httpd/conf.d/
COPY container_files/shibboleth/* /etc/shibboleth/

RUN cp /dev/null /etc/httpd/conf.d/ssl.conf \
&& sed -i 's/LogFormat "/LogFormat "httpd;access_log;%{ENV}e;%{USERTOKEN}e;/g' /etc/httpd/conf/httpd.conf \
&& echo -e "\nErrorLogFormat \"httpd;error_log;%{ENV}e;%{USERTOKEN}e;[%{u}t] [%-m:%l] [pid %P:tid %T] %7F: %E: [client\ %a] %M% ,\ referer\ %{Referer}i\"" >> /etc/httpd/conf/httpd.conf \
&& sed -i 's/CustomLog "logs\/access_log"/CustomLog "\/tmp\/logpipe"/g' /etc/httpd/conf/httpd.conf \
&& sed -i 's/ErrorLog "logs\/error_log"/ErrorLog "\/tmp\/logpipe"/g' /etc/httpd/conf/httpd.conf \
&& echo -e "\nPassEnv ENV" >> /etc/httpd/conf/httpd.conf \
&& echo -e "\nPassEnv USERTOKEN" >> /etc/httpd/conf/httpd.conf

WORKDIR /opt/grouper/grouper.apiBinary/

EXPOSE 80 443

CMD ["bin/gsh", "-loader"]
131 changes: 56 additions & 75 deletions Jenkinsfile
View file
@@ -1,84 +1,64 @@
node('docker') {

stage 'Checkout'

checkout scm

stage 'Acquire util'

sh 'mkdir -p tmp'
dir('tmp'){
git([ url: "https://github.internet2.edu/docker/util.git",
credentialsId: "jenkins-github-access-token" ])
sh 'ls'
sh 'mv bin/* ../bin/.'
}
stage 'Environment'

def maintainer = maintainer()
def imagename = imagename()
def tag = env.BRANCH_NAME

// Tag images created on master branch with 'latest'
if(env.BRANCH_NAME == "master"){
tag = "latest"
}else{
tag = env.BRANCH_NAME
}

if(!imagename){
echo "You must define an imagename in common.bash"
currentBuild.result = 'FAILURE'
pipeline {
agent any
environment {
maintainer = "t"
imagename = 'g'
tag = 'l'
}
if(maintainer){
echo "Building ${maintainer}:${tag} for ${maintainer}"
stages {
stage('Setting build context') {
steps {
script {
maintainer = maintain()
imagename = imagename()
if(env.BRANCH_NAME == "master") {
tag = "latest"
} else {
tag = env.BRANCH_NAME
}
if(!imagename){
echo "You must define an imagename in common.bash"
currentBuild.result = 'FAILURE'
}
}
}
}
stage('Build') {
steps {
echo 'step 2'
}
}
stage('Push') {
steps {
script {
docker.withRegistry('https://registry.hub.docker.com/', "dockerhub-$maintainer") {
def baseImg = docker.build("$maintainer/$imagename")
baseImg.push("$tag")
}
}
}
}
stage('Notify') {
steps{
echo "$maintainer"
slackSend color: 'good', message: "$maintainer/$imagename:$tag pushed to DockerHub"
}
}
}

stage 'Build'
try{
sh 'bin/rebuild.sh >> debug'
} catch(error) {
def error_details = readFile('./debug');
def message = "BUILD ERROR: There was a problem building the Base Image. \n\n ${error_details}"
sh "rm -f ./debug"
handleError(message)
post {
always {
echo 'I will always say Hello again!'
}
failure {
// slackSend color: 'good', message: "Build failed"
handleError("BUILD ERROR: There was a problem building ${maintainer}/${imagename}:${tag}.")
}
}
stage 'Start container'

sh 'bin/ci-run.sh'

stage 'Tests'

try{
sh 'bin/test.sh &> debug'
} catch(error) {
def error_details = readFile('./debug');
def message = "BUILD ERROR: There was a problem testing ${imagename}:${tag}. \n\n ${error_details}"
sh "rm -f ./debug"
handleError(message)
}

stage 'Stop container'

sh 'bin/ci-stop.sh'

stage 'Push'
docker.withRegistry('https://registry.hub.docker.com/', "dockerhub-$maintainer") {
def baseImg = docker.build("$maintainer/$imagename", "--no-cache .")
baseImg.push("$tag")
// Push to private repo to do security scan on container
// baseImg = docker.build("tieradmin/security-scan-$imagename")
// baseImg.push("$tag")
}

stage 'Notify'

slackSend color: 'good', message: "$maintainer/$imagename:$tag pushed to DockerHub"


}

def maintainer() {

def maintain() {
def matcher = readFile('common.bash') =~ 'maintainer="(.+)"'
matcher ? matcher[0][1] : 'tier'
}
@@ -92,5 +72,6 @@ def handleError(String message){
echo "${message}"
currentBuild.setResult("FAILED")
slackSend color: 'danger', message: "${message}"
//step([$class: 'Mailer', notifyEveryUnstableBuild: true, recipients: 'chris.bynum@levvel.io', sendToIndividuals: true])
sh 'exit 1'
}
201 changes: 201 additions & 0 deletions LICENSE
View file
@@ -0,0 +1,201 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/

TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION

1. Definitions.

"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.

"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.

"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.

"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.

"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.

"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.

"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).

"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.

"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."

"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.

2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.

3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.

4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:

(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and

(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and

(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and

(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.

You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.

5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.

6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.

7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.

8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.

9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.

END OF TERMS AND CONDITIONS

APPENDIX: How to apply the Apache License to your work.

To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.

Copyright {yyyy} {name of copyright owner}

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
284 changes: 281 additions & 3 deletions README.md
View file

Large diffs are not rendered by default.

3 changes: 1 addition & 2 deletions common.bash
View file
@@ -1,3 +1,2 @@
maintainer="tier"
imagename="grouper"
version="2.3.0"
imagename="grouper-multi-purpose"
144 changes: 144 additions & 0 deletions container_files/api/log4j.properties
View file
@@ -0,0 +1,144 @@

#
# Copyright 2014 Internet2
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

#${grouper.home} will be substituted with the System property "grouper.home", which must have a trailing \ or /
# depending on your OS. Of course you can use absolute paths if you prefer


#
# log4j Configuration
# $Id: log4j.example.properties,v 1.13 2009-12-18 13:56:51 tzeller Exp $
#

# Appenders

## Grouper API event logging
log4j.appender.grouper_event = org.apache.log4j.FileAppender
log4j.appender.grouper_event.file = /tmp/logpipe
log4j.appender.grouper_event.append = true
log4j.appender.grouper_event.layout = org.apache.log4j.PatternLayout
log4j.appender.grouper_event.layout.ConversionPattern = grouper-api;grouper_event.log;${ENV};${USERTOKEN};%d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n

## Grouper API error logging
log4j.appender.grouper_error = org.apache.log4j.FileAppender
log4j.appender.grouper_error.file = /tmp/logpipe
log4j.appender.grouper_errot.append = true
log4j.appender.grouper_error.layout = org.apache.log4j.PatternLayout
log4j.appender.grouper_error.layout.ConversionPattern = grouper-api;grouper_error.log;${ENV};${USERTOKEN};%d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
#log4j.appender.grouper_error.layout.ConversionPattern = %d{ISO8601}: %m%n

# Debug logging (Or: logging that I haven't cleaned up yet to send elsewhere)
log4j.appender.grouper_debug = org.apache.log4j.FileAppender
log4j.appender.grouper_debug.file = /tmp/logpipe
log4j.appender.grouper_debug.append = true
log4j.appender.grouper_debug.layout = org.apache.log4j.PatternLayout
#log4j.appender.grouper_debug.layout.ConversionPattern = %d{ISO8601} %5p %c{2}: %m%n
log4j.appender.grouper_debug.layout.ConversionPattern = grouper-api;grouper_debug.log;${ENV};${USERTOKEN};%d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n

## Benchmark logging
log4j.appender.grouper_gb = org.apache.log4j.FileAppender
log4j.appender.grouper_gb.file = /tmp/logpipe
log4j.appender.grouper_gb.append = true
log4j.appender.grouper_gb.layout = org.apache.log4j.PatternLayout
#log4j.appender.grouper_gb.layout.ConversionPattern = %d{ISO8601} %5p %c{2}: %m%n
log4j.appender.grouper_gb.layout.ConversionPattern = grouper-api;grouper_bench.log;${ENV};${USERTOKEN};%d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n

# Loggers

## Default logger; will log *everything*
log4j.rootLogger = ERROR, grouper_error

## All Internet2 (warn to grouper_error per default logger)
log4j.logger.edu.internet2.middleware = WARN


# Provisioning : PSP (version 2.1+)
log4j.logger.edu.internet2.middleware.psp = INFO

# Provisioning : vt-ldap
# log4j.logger.edu.vt.middleware.ldap = INFO

# Provisioning : Grouper plugin to Shibboleth attribute resolver
# log4j.logger.edu.internet2.middleware.grouper.shibboleth = INFO


# For more precise (or verbose) logging, enable one or more of the
# following logging directives. To remove duplicate entries, just change the
# level, and not where to send the logs
# http://robertmarkbramprogrammer.blogspot.com/2007/06/log4j-duplicate-lines-in-output.html

## Grouper Event Logging
## * Logs at _info_ only
log4j.logger.edu.internet2.middleware.grouper.log.EventLog = INFO, grouper_event
log4j.logger.edu.internet2.middleware.grouper.RegistryInstall = INFO, grouper_event

## Grouper Error Logging
## * Logs at _warn_, _fatal_ and _error_ only (by default this is WARN due to internet2 below)
#log4j.logger.edu.internet2.middleware.grouper = WARN, grouper_error

## Grouper Debug Logging
## * NOTE: There is currently VERY LITTLE (useful) information sent to this.
## * Logs at _info_ only currently
#log4j.logger.edu.internet2.middleware.grouper = INFO, grouper_debug

## Grouper XML Export + Import Logging
## TODO Integrate with normal logging
log4j.logger.edu.internet2.middleware.grouper.xml.XmlExporter = INFO, grouper_event
log4j.logger.edu.internet2.middleware.grouper.xml.XmlImporter = INFO, grouper_event

## Grouper Benchmark Logging
log4j.logger.edu.internet2.middleware.grouper.bench = INFO, grouper_gb

## Grouper script to add missing group sets
log4j.logger.edu.internet2.middleware.grouper.misc.AddMissingGroupSets = INFO, grouper_event

## Grouper Sync Point in Time Tables
log4j.logger.edu.internet2.middleware.grouper.misc.SyncPITTables = INFO, grouper_event

## Grouper Sync Stem Set Table
log4j.logger.edu.internet2.middleware.grouper.misc.SyncStemSets = INFO, grouper_event

## Grouper Migrate Legacy Attributes
log4j.logger.edu.internet2.middleware.grouper.misc.MigrateLegacyAttributes = INFO, grouper_event

### Subject API
#log4j.logger.edu.internet2.middleware.subject = ERROR, grouper_error
#log4j.logger.edu.internet2.middleware.subject.provider = ERROR, grouper_error
### Hibernate
#log4j.logger.org.hibernate = ERROR, grouper_error
### ehcache
#log4j.logger.net.sf.ehcache = ERROR, grouper_error
### Spring
#log4j.logger.org.springframework = ERROR, grouper_error

## Grouper Stress Testing
log4j.logger.edu.internet2.middleware.grouper.stress = INFO, grouper_debug


#######################################################
##Optional settings for debug logs
#######################################################

## Hooks debug info
#log4j.logger.edu.internet2.middleware.grouper.hooks.examples.GroupTypeTupleIncludeExcludeHook = DEBUG
#log4j.logger.edu.internet2.middleware.grouper.Group = DEBUG

#log4j.logger.edu.internet2.middleware.grouper.hooks.examples.GroupTypeSecurityHook = DEBUG


# added by grouper-installer
log4j.logger.org.apache.tools.ant = WARN
22 changes: 0 additions & 22 deletions container_files/autoexec/onbuild/0_install_java.sh
View file

This file was deleted.

15 changes: 0 additions & 15 deletions container_files/bin/check.sh
View file

This file was deleted.

11 changes: 0 additions & 11 deletions container_files/bin/cleanup.sh
View file

This file was deleted.

33 changes: 0 additions & 33 deletions container_files/bin/configure.sh
View file

This file was deleted.

23 changes: 0 additions & 23 deletions container_files/bin/main.sh
View file

This file was deleted.

4 changes: 0 additions & 4 deletions container_files/bin/run.sh
View file

This file was deleted.

69 changes: 0 additions & 69 deletions container_files/bin/start.sh
View file

This file was deleted.

8 changes: 0 additions & 8 deletions container_files/bin/tier-bootstrap.gsh
View file

This file was deleted.

7 changes: 0 additions & 7 deletions container_files/etc/MariaDB.repo
View file

This file was deleted.

8 changes: 0 additions & 8 deletions container_files/etc/grouper.hibernate.pointer.properties
View file

This file was deleted.

43 changes: 0 additions & 43 deletions container_files/etc/grouper.installer.properties
View file

This file was deleted.

2 changes: 0 additions & 2 deletions container_files/etc/grouper.properties
View file

This file was deleted.

39 changes: 39 additions & 0 deletions container_files/grouper.installer.properties
View file
@@ -0,0 +1,39 @@
# this should be before the version number
download.server.url = https://software.internet2.edu/grouper
# default version to install
grouper.version = 2.3.0
# print out autorun keys in prompts so you can easily see how to configure the autorun
grouperInstaller.print.autorunKeys = true
# default to install or upgrade (default is install)
grouperInstaller.default.installOrUpgrade = install

##############################
## Autorun properties
##
## If you uncomment one of these properties it will be used as empty, only uncomment to use
##
##############################

grouperInstaller.autorun.installAllPatches = false
grouperInstaller.autorun.installPatchesUpToACertainPatchLevel = true
grouperInstaller.autorun.installPatchesUpToThesePatchLevels = grouper_v2_3_0_api_patch_99,grouper_v2_3_0_ui_patch_42,grouper_v2_3_0_ws_patch_11,grouper_v2_3_0_pspng_patch_16

#### set this to true to try to use defaults for everything. Only things without default values will need to be set
grouperInstaller.autorun.useDefaultsAsMuchAsAvailable = true
########## AUTORUN PROPERTIES WITH NO DEFAULT OR ARE COMMONLY CHANGED
## Note: not all of them need to be filled out for all operations
# autorun grouper system password (its not secure to have a plain text pass in a config file)
grouperInstaller.autorun.grouperSystemPassword = XXXXXXXXXX

grouperInstaller.autorun.deleteAndInitDatabase = t
grouperInstaller.autorun.addQuickstartData = f
grouperInstaller.autorun.installClient = f

grouperInstaller.autorun.installGrouperActiveMqMessaging = t
grouperInstaller.autorun.activeMqWhereInstalled = /opt/grouper/2.3.0/grouper.apiBinary-2.3.0/

grouperInstaller.autorun.installGrouperAwsSqsMessaging = t
grouperInstaller.autorun.AwsSqsWhereInstalled = /opt/grouper/2.3.0/grouper.apiBinary-2.3.0/

grouperInstaller.autorun.installGrouperRabbitMqMessaging = t
grouperInstaller.autorun.rabbitMqWhereInstalled = /opt/grouper/2.3.0/grouper.apiBinary-2.3.0/
16 changes: 16 additions & 0 deletions container_files/httpd/grouper-www.conf
View file
@@ -0,0 +1,16 @@

Timeout 2400
ProxyTimeout 2400
ProxyBadHeader Ignore

ProxyPass /grouper ajp://localhost:8009/grouper timeout=2400
ProxyPass /grouper-ws ajp://localhost:8009/grouper-ws timeout=2400
ProxyPass /grouper-ws-scim ajp://localhost:8009/grouper-ws-scim timeout=2400

<Location /grouper>
AuthType shibboleth
ShibRequestSetting requireSession 1
ShibRequireSession on
ShibUseHeaders On
require shibboleth
</Location>
28 changes: 28 additions & 0 deletions container_files/httpd/ssl-enabled.conf
View file
@@ -0,0 +1,28 @@
# modern configuration, tweak to your needs
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLHonorCipherOrder on
SSLCompression off

# OCSP Stapling, only in httpd 2.3.3 and later
SSLUseStapling on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache shmcb:/var/run/ocsp(128000)

Listen 443 https
<VirtualHost *:443>
RewriteEngine on
RewriteRule "^/$" "/grouper/" [R]

SSLEngine on
SSLCertificateChainFile /etc/pki/tls/certs/cachain.pem

SSLCertificateFile /etc/pki/tls/certs/host-cert.pem

SSLCertificateKeyFile /etc/pki/tls/private/host-key.pem

# HSTS (mod_headers is required) (15768000 seconds = 6 months)
Header always set Strict-Transport-Security "max-age=15768000"
</VirtualHost>

153 changes: 153 additions & 0 deletions container_files/shibboleth/attribute-map.xml
View file
@@ -0,0 +1,153 @@
<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

<!--
The mappings are a mix of SAML 1.1 and SAML 2.0 attribute names agreed to within the Shibboleth
community. The non-OID URNs are SAML 1.1 names and most of the OIDs are SAML 2.0 names, with a
few exceptions for newer attributes where the name is the same for both versions. You will
usually want to uncomment or map the names for both SAML versions as a unit.
-->

<!-- First some useful eduPerson attributes that many sites might use. -->

<Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" id="eppn">
<AttributeDecoder xsi:type="ScopedAttributeDecoder"/>
</Attribute>
<Attribute name="urn:mace:dir:attribute-def:eduPersonPrincipalName" id="eppn">
<AttributeDecoder xsi:type="ScopedAttributeDecoder"/>
</Attribute>

<Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" id="affiliation">
<AttributeDecoder xsi:type="ScopedAttributeDecoder" caseSensitive="false"/>
</Attribute>
<Attribute name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" id="affiliation">
<AttributeDecoder xsi:type="ScopedAttributeDecoder" caseSensitive="false"/>
</Attribute>

<Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" id="unscoped-affiliation">
<AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/>
</Attribute>
<Attribute name="urn:mace:dir:attribute-def:eduPersonAffiliation" id="unscoped-affiliation">
<AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/>
</Attribute>

<Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" id="entitlement"/>
<Attribute name="urn:mace:dir:attribute-def:eduPersonEntitlement" id="entitlement"/>

<!-- A persistent id attribute that supports personalized anonymous access. -->

<!-- First, the deprecated/incorrect version, decoded as a scoped string: -->
<Attribute name="urn:mace:dir:attribute-def:eduPersonTargetedID" id="targeted-id">
<AttributeDecoder xsi:type="ScopedAttributeDecoder"/>
<!-- <AttributeDecoder xsi:type="NameIDFromScopedAttributeDecoder" formatter="$NameQualifier!$SPNameQualifier!$Name" defaultQualifiers="true"/> -->
</Attribute>

<!-- Second, an alternate decoder that will decode the incorrect form into the newer form. -->
<!--
<Attribute name="urn:mace:dir:attribute-def:eduPersonTargetedID" id="persistent-id">
<AttributeDecoder xsi:type="NameIDFromScopedAttributeDecoder" formatter="$NameQualifier!$SPNameQualifier!$Name" defaultQualifiers="true"/>
</Attribute>
-->

<!-- Third, the new version (note the OID-style name): -->
<Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" id="persistent-id">
<AttributeDecoder xsi:type="NameIDAttributeDecoder" formatter="$NameQualifier!$SPNameQualifier!$Name" defaultQualifiers="true"/>
</Attribute>

<!-- Fourth, the SAML 2.0 NameID Format: -->
<Attribute name="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" id="persistent-id">
<AttributeDecoder xsi:type="NameIDAttributeDecoder" formatter="$NameQualifier!$SPNameQualifier!$Name" defaultQualifiers="true"/>
</Attribute>

<!-- Some more eduPerson attributes, uncomment these to use them... -->
<!--
<Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.11" id="assurance"/>
<Attribute name="urn:oid:1.3.6.1.4.1.5923.1.5.1.1" id="member"/>
<Attribute name="urn:oid:1.3.6.1.4.1.5923.1.6.1.1" id="eduCourseOffering"/>
<Attribute name="urn:oid:1.3.6.1.4.1.5923.1.6.1.2" id="eduCourseMember"/>
<Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.5" id="primary-affiliation">
<AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/>
</Attribute>
<Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.2" id="nickname"/>
<Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.8" id="primary-orgunit-dn"/>
<Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.4" id="orgunit-dn"/>
<Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.3" id="org-dn"/>
<Attribute name="urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation" id="primary-affiliation">
<AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/>
</Attribute>
<Attribute name="urn:mace:dir:attribute-def:eduPersonNickname" id="nickname"/>
<Attribute name="urn:mace:dir:attribute-def:eduPersonPrimaryOrgUnitDN" id="primary-orgunit-dn"/>
<Attribute name="urn:mace:dir:attribute-def:eduPersonOrgUnitDN" id="orgunit-dn"/>
<Attribute name="urn:mace:dir:attribute-def:eduPersonOrgDN" id="org-dn"/>
-->

<!-- SCHAC attributes, uncomment to use... -->
<!--
<Attribute name="urn:oid:1.3.6.1.4.1.25178.1.2.9" id="schacHomeOrganization"/>
-->

<!-- Examples of LDAP-based attributes, uncomment to use these... -->
<!--
<Attribute name="urn:oid:2.5.4.3" id="cn"/>
<Attribute name="urn:oid:2.5.4.4" id="sn"/>
<Attribute name="urn:oid:2.5.4.42" id="givenName"/>
<Attribute name="urn:oid:2.16.840.1.113730.3.1.241" id="displayName"/>
-->
<Attribute name="urn:oid:0.9.2342.19200300.100.1.1" id="uid"/>
<Attribute name="urn:oid:0.9.2342.19200300.100.1.3" id="mail"/>
<!--
<Attribute name="urn:oid:2.5.4.20" id="telephoneNumber"/>
<Attribute name="urn:oid:2.5.4.12" id="title"/>
<Attribute name="urn:oid:2.5.4.43" id="initials"/>
<Attribute name="urn:oid:2.5.4.13" id="description"/>
<Attribute name="urn:oid:2.16.840.1.113730.3.1.1" id="carLicense"/>
<Attribute name="urn:oid:2.16.840.1.113730.3.1.2" id="departmentNumber"/>
<Attribute name="urn:oid:2.16.840.1.113730.3.1.3" id="employeeNumber"/>
<Attribute name="urn:oid:2.16.840.1.113730.3.1.4" id="employeeType"/>
<Attribute name="urn:oid:2.16.840.1.113730.3.1.39" id="preferredLanguage"/>
<Attribute name="urn:oid:0.9.2342.19200300.100.1.10" id="manager"/>
<Attribute name="urn:oid:2.5.4.34" id="seeAlso"/>
<Attribute name="urn:oid:2.5.4.23" id="facsimileTelephoneNumber"/>
<Attribute name="urn:oid:2.5.4.9" id="street"/>
<Attribute name="urn:oid:2.5.4.18" id="postOfficeBox"/>
<Attribute name="urn:oid:2.5.4.17" id="postalCode"/>
<Attribute name="urn:oid:2.5.4.8" id="st"/>
<Attribute name="urn:oid:2.5.4.7" id="l"/>
<Attribute name="urn:oid:2.5.4.10" id="o"/>
<Attribute name="urn:oid:2.5.4.11" id="ou"/>
<Attribute name="urn:oid:2.5.4.15" id="businessCategory"/>
<Attribute name="urn:oid:2.5.4.19" id="physicalDeliveryOfficeName"/>
<Attribute name="urn:mace:dir:attribute-def:cn" id="cn"/>
<Attribute name="urn:mace:dir:attribute-def:sn" id="sn"/>
<Attribute name="urn:mace:dir:attribute-def:givenName" id="givenName"/>
<Attribute name="urn:mace:dir:attribute-def:displayName" id="displayName"/>
<Attribute name="urn:mace:dir:attribute-def:uid" id="uid"/>
<Attribute name="urn:mace:dir:attribute-def:mail" id="mail"/>
<Attribute name="urn:mace:dir:attribute-def:telephoneNumber" id="telephoneNumber"/>
<Attribute name="urn:mace:dir:attribute-def:title" id="title"/>
<Attribute name="urn:mace:dir:attribute-def:initials" id="initials"/>
<Attribute name="urn:mace:dir:attribute-def:description" id="description"/>
<Attribute name="urn:mace:dir:attribute-def:carLicense" id="carLicense"/>
<Attribute name="urn:mace:dir:attribute-def:departmentNumber" id="departmentNumber"/>
<Attribute name="urn:mace:dir:attribute-def:employeeNumber" id="employeeNumber"/>
<Attribute name="urn:mace:dir:attribute-def:employeeType" id="employeeType"/>
<Attribute name="urn:mace:dir:attribute-def:preferredLanguage" id="preferredLanguage"/>
<Attribute name="urn:mace:dir:attribute-def:manager" id="manager"/>
<Attribute name="urn:mace:dir:attribute-def:seeAlso" id="seeAlso"/>
<Attribute name="urn:mace:dir:attribute-def:facsimileTelephoneNumber" id="facsimileTelephoneNumber"/>
<Attribute name="urn:mace:dir:attribute-def:street" id="street"/>
<Attribute name="urn:mace:dir:attribute-def:postOfficeBox" id="postOfficeBox"/>
<Attribute name="urn:mace:dir:attribute-def:postalCode" id="postalCode"/>
<Attribute name="urn:mace:dir:attribute-def:st" id="st"/>
<Attribute name="urn:mace:dir:attribute-def:l" id="l"/>
<Attribute name="urn:mace:dir:attribute-def:o" id="o"/>
<Attribute name="urn:mace:dir:attribute-def:ou" id="ou"/>
<Attribute name="urn:mace:dir:attribute-def:businessCategory" id="businessCategory"/>
<Attribute name="urn:mace:dir:attribute-def:physicalDeliveryOfficeName" id="physicalDeliveryOfficeName"/>
-->

</Attributes>
59 changes: 59 additions & 0 deletions container_files/shibboleth/shibd.logger
View file
@@ -0,0 +1,59 @@
# set overall behavior
log4j.rootCategory=INFO, shibd_log

# fairly verbose for DEBUG, so generally leave at INFO
log4j.category.XMLTooling.XMLObject=INFO
log4j.category.XMLTooling.KeyInfoResolver=INFO
log4j.category.Shibboleth.IPRange=INFO
log4j.category.Shibboleth.PropertySet=INFO

# raise for low-level tracing of SOAP client HTTP/SSL behavior
log4j.category.XMLTooling.libcurl=INFO

# useful categories to tune independently:
#
# tracing of SAML messages and security policies
#log4j.category.OpenSAML.MessageDecoder=DEBUG
#log4j.category.OpenSAML.MessageEncoder=DEBUG
#log4j.category.OpenSAML.SecurityPolicyRule=DEBUG
#log4j.category.XMLTooling.SOAPClient=DEBUG
# interprocess message remoting
#log4j.category.Shibboleth.Listener=DEBUG
# mapping of requests to applicationId
#log4j.category.Shibboleth.RequestMapper=DEBUG
# high level session cache operations
#log4j.category.Shibboleth.SessionCache=DEBUG
# persistent storage and caching
#log4j.category.XMLTooling.StorageService=DEBUG

# logs XML being signed or verified if set to DEBUG
log4j.category.XMLTooling.Signature.Debugger=INFO, sig_log
log4j.additivity.XMLTooling.Signature.Debugger=false

# the tran log blocks the "default" appender(s) at runtime
# Level should be left at INFO for this category
log4j.category.Shibboleth-TRANSACTION=INFO, tran_log
log4j.additivity.Shibboleth-TRANSACTION=false
# uncomment to suppress particular event types
#log4j.category.Shibboleth-TRANSACTION.AuthnRequest=WARN
#log4j.category.Shibboleth-TRANSACTION.Login=WARN
#log4j.category.Shibboleth-TRANSACTION.Logout=WARN

# define the appenders

log4j.appender.shibd_log=org.apache.log4j.FileAppender
log4j.appender.shibd_log.fileName=/tmp/logpipe
log4j.appender.shibd_log.maxFileSize=0
log4j.appender.shibd_log.layout=org.apache.log4j.PatternLayout
log4j.appender.shibd_log.layout.ConversionPattern=shibd;shibd.log;${ENV};${USERTOKEN};%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n

log4j.appender.tran_log=org.apache.log4j.FileAppender
log4j.appender.tran_log.fileName=/tmp/logpipe
log4j.appender.tran_log.maxFileSize=0
log4j.appender.tran_log.layout=org.apache.log4j.PatternLayout
log4j.appender.tran_log.layout.ConversionPattern=shibd;transaction.log;${ENV};${USERTOKEN};%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n

log4j.appender.sig_log=org.apache.log4j.FileAppender
log4j.appender.sig_log.fileName=/tmp/logpipe
log4j.appender.sig_log.layout=org.apache.log4j.PatternLayout
log4j.appender.sig_log.layout.ConversionPattern=shibd;signature.log;${ENV};${USERTOKEN};%m
6 changes: 6 additions & 0 deletions container_files/tier-support/grouper-ws-scim.xml
View file
@@ -0,0 +1,6 @@
<Context docBase="/opt/grouper/grouper.scim/" path="/grouper-ws-scim" reloadable="false">
<!-- Allow our symlinks to work-->
<Resources allowLinking="true" />
</Context>


4 changes: 4 additions & 0 deletions container_files/tier-support/grouper-ws.xml
View file
@@ -0,0 +1,4 @@
<Context docBase="/opt/grouper/grouper.ws/" path="/grouper-ws" reloadable="false">
<!-- Allow our symlinks to work-->
<Resources allowLinking="true" />
</Context>
4 changes: 4 additions & 0 deletions container_files/tier-support/grouper.xml
View file
@@ -0,0 +1,4 @@
<Context docBase="/opt/grouper/grouper.ui/" path="/grouper" reloadable="false">
<!-- Allow our symlinks to work-->
<Resources allowLinking="true" />
</Context>
39 changes: 39 additions & 0 deletions container_files/tier-support/supervisord-tomcat.conf
View file
@@ -0,0 +1,39 @@
[supervisord]
logfile=/tmp/logsuperd ; supervisord log file
logfile_maxbytes=0 ; maximum size of logfile before rotation
loglevel=error ; info, debug, warn, trace
nodaemon=true ; run supervisord as a daemon
user=root ; default user

[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface

[supervisorctl]
serverurl=unix:///tmp/supervisor.sock ; use a unix:// URL for a unix socket

; Our processes
; writing output to stdout (1) and err (2) (for Docker logging) and disabling log rotation

[program:httpd]
command=httpd -DFOREGROUND
stderr_logfile = /tmp/loghttpd
stderr_logfile_maxbytes=0
stdout_logfile = /tmp/loghttpd
stdout_logfile_maxbytes=0

[program:shibbolethsp]
user=shibd
command=/usr/sbin/shibd -f -F
stderr_logfile = /tmp/logshidb
stderr_logfile_maxbytes=0
stdout_logfile = /tmp/logshidb
stdout_logfile_maxbytes=0

[program:tomcat]
user=tomcat
command=/opt/tomcat/bin/catalina.sh run
stderr_logfile = /tmp/logtomcat
stderr_logfile_maxbytes=0
stdout_logfile = /tmp/logtomcat
stdout_logfile_maxbytes=0

31 changes: 31 additions & 0 deletions container_files/tier-support/supervisord-tomee.conf
View file
@@ -0,0 +1,31 @@
[supervisord]
logfile=/tmp/logsuperd ; supervisord log file
logfile_maxbytes=0 ; maximum size of logfile before rotation
loglevel=error ; info, debug, warn, trace
nodaemon=true ; run supervisord as a daemon
user=root ; default user

[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface

[supervisorctl]
serverurl=unix:///tmp/supervisor.sock ; use a unix:// URL for a unix socket

; Our processes
; writing output to stdout (1) and err (2) (for Docker logging) and disabling log rotation

[program:httpd]
command=httpd -DFOREGROUND
stderr_logfile = /tmp/loghttpd
stderr_logfile_maxbytes=0
stdout_logfile = /tmp/loghttpd
stdout_logfile_maxbytes=0

[program:tomee]
user=tomcat
command=/opt/tomee/bin/catalina.sh run
stderr_logfile = /tmp/logtomcat
stderr_logfile_maxbytes=0
stdout_logfile = /tmp/logtomcat
stdout_logfile_maxbytes=0

3 changes: 3 additions & 0 deletions container_files/tomcat/bin/setenv.sh
View file
@@ -0,0 +1,3 @@
CLASSPATH=/opt/tomcat/bin/*
JAVA_OPTS="-Dlog4j.configurationFile=/opt/tomcat/conf/log4j2.xml -DENV=$ENV -DUSERTOKEN=$USERTOKEN"
LOGGING_MANAGER=-Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager
26 changes: 26 additions & 0 deletions container_files/tomcat/conf/log4j2.xml
View file
@@ -0,0 +1,26 @@
<?xml version="1.0" encoding="utf-8"?>
<Configuration status="info">
<Properties>
<Property name="layout">%d [%t] %-5p %c- %m%n</Property>
</Properties>
<Appenders>
<File name="CATALINA"
fileName="/tmp/logpipe">
<PatternLayout pattern="tomcat;catalina.out;${env:ENV};${env:USERTOKEN};${layout}"/>
</File>
<File name="LOCALHOST"
fileName="/tmp/logpipe">
<PatternLayout pattern="tomcat;localhost.log;${env:ENV};${env:USERTOKEN};${layout}"/>
</File>

</Appenders>
<Loggers>
<Root level="info">
<AppenderRef ref="CATALINA"/>
</Root>
<Logger name="org.apache.catalina.core.ContainerBase.[Catalina].[localhost]"
level="info" additivity="false">
<AppenderRef ref="LOCALHOST"/>
</Logger>
</Loggers>
</Configuration>
173 changes: 173 additions & 0 deletions container_files/tomcat/conf/server.xml
View file
@@ -0,0 +1,173 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!-- Note: A "Server" is not itself a "Container", so you may not
define subcomponents such as "Valves" at this level.
Documentation at /docs/config/server.html
-->
<Server port="8005" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.startup.VersionLoggerListener" />
<!-- Security listener. Documentation at /docs/config/listeners.html
<Listener className="org.apache.catalina.security.SecurityListener" />
-->
<!--APR library loader. Documentation at /docs/apr.html -->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

<!-- Global JNDI resources
Documentation at /docs/jndi-resources-howto.html
-->
<GlobalNamingResources>
<!-- Editable user database that can also be used by
UserDatabaseRealm to authenticate users
-->
<!--
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
-->
</GlobalNamingResources>

<!-- A "Service" is a collection of one or more "Connectors" that share
a single "Container" Note: A "Service" is not itself a "Container",
so you may not define subcomponents such as "Valves" at this level.
Documentation at /docs/config/service.html
-->
<Service name="Catalina">

<!--The connectors can use a shared executor, you can define one or more named thread pools-->
<!--
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
maxThreads="150" minSpareThreads="4"/>
-->


<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
-->
<Connector port="8080" protocol="HTTP/1.1" URIEncoding="UTF-8"
connectionTimeout="20000"
redirectPort="8443" />
<!-- A "Connector" using the shared thread pool-->
<!--
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
-->
<!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
This connector uses the NIO implementation. The default
SSLImplementation will depend on the presence of the APR/native
library and the useOpenSSL attribute of the
AprLifecycleListener.
Either JSSE or OpenSSL style configuration may be used regardless of
the SSLImplementation selected. JSSE style configuration is used below.
-->
<!--
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true">
<SSLHostConfig>
<Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
type="RSA" />
</SSLHostConfig>
</Connector>
-->
<!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
This connector uses the APR/native implementation which always uses
OpenSSL for TLS.
Either JSSE or OpenSSL style configuration may be used. OpenSSL style
configuration is used below.
-->
<!--
<Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
maxThreads="150" SSLEnabled="true" >
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
<SSLHostConfig>
<Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
certificateFile="conf/localhost-rsa-cert.pem"
certificateChainFile="conf/localhost-rsa-chain.pem"
type="RSA" />
</SSLHostConfig>
</Connector>
-->

<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" tomcatAuthentication="false" URIEncoding="UTF-8" />


<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
analyzes the HTTP headers included with the request, and passes them
on to the appropriate Host (virtual host).
Documentation at /docs/config/engine.html -->

<!-- You should set jvmRoute to support load-balancing via AJP ie :
<Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
-->
<Engine name="Catalina" defaultHost="localhost">

<!--For clustering, please take a look at documentation at:
/docs/cluster-howto.html (simple how to)
/docs/config/cluster.html (reference documentation) -->
<!--
<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
-->

<!-- Use the LockOutRealm to prevent attempts to guess user passwords
via a brute-force attack -->
<Realm className="org.apache.catalina.realm.LockOutRealm">
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<!--
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
-->
</Realm>

<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">

<!-- SingleSignOn valve, share authentication between web applications
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-->

<!-- Access log processes all example.
Documentation at: /docs/config/valve.html
Note: The pattern used is equivalent to using pattern="common" -->
<!-- Managing through Apache HTTPD Server config
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t &quot;%r&quot; %s %b" />
-->

</Host>
</Engine>
</Service>
</Server>
46 changes: 46 additions & 0 deletions container_files/tomcat/conf/tomcat-users.xml
View file
@@ -0,0 +1,46 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<tomcat-users xmlns="http://tomcat.apache.org/xml"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
version="1.0">
<role rolename="grouper_user"/>
<!--<user username="GrouperSystem" password="XXXXXXXXXX" roles="grouper_user"/> -->
<!--
NOTE: By default, no user is included in the "manager-gui" role required
to operate the "/manager/html" web application. If you wish to use this app,
you must define such a user - the username and password are arbitrary. It is
strongly recommended that you do NOT use one of the users in the commented out
section below since they are intended for use with the examples web
application.
-->
<!--
NOTE: The sample user and role entries below are intended for use with the
examples web application. They are wrapped in a comment and thus are ignored
when reading this file. If you wish to configure these users for use with the
examples web application, do not forget to remove the <!.. ..> that surrounds
them. You will also need to set the passwords to something appropriate.
-->
<!--
<role rolename="tomcat"/>
<role rolename="role1"/>
<user username="tomcat" password="<must-be-changed>" roles="tomcat"/>
<user username="both" password="<must-be-changed>" roles="tomcat,role1"/>
<user username="role1" password="<must-be-changed>" roles="role1"/>
-->
</tomcat-users>
3 changes: 3 additions & 0 deletions container_files/tomee/bin/setenv.sh
View file
@@ -0,0 +1,3 @@
CLASSPATH=/opt/tomee/bin/*
JAVA_OPTS="-Dlog4j.configurationFile=/opt/tomee/conf/log4j2.xml -DENV=$ENV -DUSERTOKEN=$USERTOKEN"
LOGGING_MANAGER=-Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager
26 changes: 26 additions & 0 deletions container_files/tomee/conf/log4j2.xml
View file
@@ -0,0 +1,26 @@
<?xml version="1.0" encoding="utf-8"?>
<Configuration status="info">
<Properties>
<Property name="layout">%d [%t] %-5p %c- %m%n</Property>
</Properties>
<Appenders>
<File name="CATALINA"
fileName="/tmp/logpipe">
<PatternLayout pattern="tomee;catalina.out;${env:ENV};${env:USERTOKEN};${layout}"/>
</File>
<File name="LOCALHOST"
fileName="/tmp/logpipe">
<PatternLayout pattern="tomee;localhost.log;${env:ENV};${env:USERTOKEN};${layout}"/>
</File>

</Appenders>
<Loggers>
<Root level="info">
<AppenderRef ref="CATALINA"/>
</Root>
<Logger name="org.apache.catalina.core.ContainerBase.[Catalina].[localhost]"
level="info" additivity="false">
<AppenderRef ref="LOCALHOST"/>
</Logger>
</Loggers>
</Configuration>
164 changes: 164 additions & 0 deletions container_files/tomee/conf/server.xml
View file
@@ -0,0 +1,164 @@
<?xml version='1.0' encoding='utf-8'?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!-- Note: A "Server" is not itself a "Container", so you may not
define subcomponents such as "Valves" at this level.
Documentation at /docs/config/server.html
-->
<Server port="8005" shutdown="SHUTDOWN">
<!-- TomEE plugin for Tomcat -->
<Listener className="org.apache.tomee.catalina.ServerListener" />
<Listener className="org.apache.catalina.startup.VersionLoggerListener" />
<!-- Security listener. Documentation at /docs/config/listeners.html
<Listener className="org.apache.catalina.security.SecurityListener" />
-->
<!--APR library loader. Documentation at /docs/apr.html -->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

<!-- Global JNDI resources
Documentation at /docs/jndi-resources-howto.html
-->
<GlobalNamingResources>
<!-- Editable user database that can also be used by
UserDatabaseRealm to authenticate users
-->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>

<!-- A "Service" is a collection of one or more "Connectors" that share
a single "Container" Note: A "Service" is not itself a "Container",
so you may not define subcomponents such as "Valves" at this level.
Documentation at /docs/config/service.html
-->
<Service name="Catalina">

<!--The connectors can use a shared executor, you can define one or more named thread pools-->
<!--
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
maxThreads="150" minSpareThreads="4"/>
-->


<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
-->
<Connector port="8080" protocol="HTTP/1.1" URIEncoding="UTF-8"
connectionTimeout="20000"
redirectPort="8443" xpoweredBy="false" server="Apache TomEE" />
<!-- A "Connector" using the shared thread pool-->
<!--
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
-->
<!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
This connector uses the NIO implementation with the JSSE engine. When
using the JSSE engine, the JSSE configuration attributes must be used.
-->
<!--
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true">
<SSLHostConfig>
<Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
type="RSA" xpoweredBy="false" server="Apache TomEE" />
</SSLHostConfig>
</Connector>
-->
<!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
This connector uses the APR/native implementation. When using the
APR/native implementation or the OpenSSL engine with NIO or NIO2 then
the OpenSSL configuration attributes must be used.
-->
<!--
<Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
maxThreads="150" SSLEnabled="true" >
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" xpoweredBy="false" server="Apache TomEE" />
<SSLHostConfig>
<Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
certificateFile="conf/localhost-rsa-cert.pem"
certificateChainFile="conf/localhost-rsa-chain.pem"
type="RSA" />
</SSLHostConfig>
</Connector>
-->

<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" URIEncoding="UTF-8" />


<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
analyzes the HTTP headers included with the request, and passes them
on to the appropriate Host (virtual host).
Documentation at /docs/config/engine.html -->

<!-- You should set jvmRoute to support load-balancing via AJP ie :
<Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
-->
<Engine name="Catalina" defaultHost="localhost">

<!--For clustering, please take a look at documentation at:
/docs/cluster-howto.html (simple how to)
/docs/config/cluster.html (reference documentation) -->
<!--
<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
-->

<!-- Use the LockOutRealm to prevent attempts to guess user passwords
via a brute-force attack -->
<Realm className="org.apache.catalina.realm.LockOutRealm">
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>

<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">

<!-- SingleSignOn valve, share authentication between web applications
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-->

<!-- Access log processes all example.
Documentation at: /docs/config/valve.html
Note: The pattern used is equivalent to using pattern="common" -->
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t &quot;%r&quot; %s %b" />

</Host>
</Engine>
</Service>
</Server>
51 changes: 51 additions & 0 deletions container_files/tomee/conf/tomcat-users.xml
View file
@@ -0,0 +1,51 @@
<?xml version='1.0' encoding='utf-8'?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<tomcat-users xmlns="http://tomcat.apache.org/xml"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
version="1.0">
<role rolename="grouper_user"/>
<!--<user username="GrouperSystem" password="XXXXXXXXXX" roles="grouper_user"/>-->
<!--
NOTE: By default, no user is included in the "manager-gui" role required
to operate the "/manager/html" web application. If you wish to use this app,
you must define such a user - the username and password are arbitrary. It is
strongly recommended that you do NOT use one of the users in the commented out
section below since they are intended for use with the examples web
application.
-->
<!--
NOTE: The sample user and role entries below are intended for use with the
examples web application. They are wrapped in a comment and thus are ignored
when reading this file. If you wish to configure these users for use with the
examples web application, do not forget to remove the <!.. ..> that surrounds
them. You will also need to set the passwords to something appropriate.
-->
<!--
<role rolename="tomcat"/>
<role rolename="role1"/>
<user username="tomcat" password="<must-be-changed>" roles="tomcat"/>
<user username="both" password="<must-be-changed>" roles="tomcat,role1"/>
<user username="role1" password="<must-be-changed>" roles="role1"/>
-->
<!-- Activate those lines to get access to TomEE GUI -->
<!--
<role rolename="tomee-admin" />
<user username="tomee" password="tomee" roles="tomee-admin,manager-gui" />
-->
</tomcat-users>
144 changes: 144 additions & 0 deletions container_files/ui/classes/log4j.properties
View file
@@ -0,0 +1,144 @@

#
# Copyright 2014 Internet2
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

#/opt/grouper/2.3.0/grouper.apiBinary-2.3.0/ will be substituted with the System property "grouper.home", which must have a trailing \ or /
# depending on your OS. Of course you can use absolute paths if you prefer


#
# log4j Configuration
# $Id: log4j.example.properties,v 1.13 2009-12-18 13:56:51 tzeller Exp $
#

# Appenders

## Grouper API event logging
log4j.appender.grouper_event = org.apache.log4j.FileAppender
log4j.appender.grouper_event.file = /tmp/logpipe
log4j.appender.grouper_event.append = true
log4j.appender.grouper_event.layout = org.apache.log4j.PatternLayout
log4j.appender.grouper_event.layout.ConversionPattern = grouper-ui;grouper_event.log;${ENV};${USERTOKEN};%d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n

## Grouper API error logging
log4j.appender.grouper_error = org.apache.log4j.FileAppender
log4j.appender.grouper_error.file = /tmp/logpipe
log4j.appender.grouper_errot.append = true
log4j.appender.grouper_error.layout = org.apache.log4j.PatternLayout
log4j.appender.grouper_error.layout.ConversionPattern = grouper-ui;grouper_error.log;${ENV};${USERTOKEN};%d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
#log4j.appender.grouper_error.layout.ConversionPattern = %d{ISO8601}: %m%n

# Debug logging (Or: logging that I haven't cleaned up yet to send elsewhere)
log4j.appender.grouper_debug = org.apache.log4j.FileAppender
log4j.appender.grouper_debug.file = /tmp/logpipe
log4j.appender.grouper_debug.append = true
log4j.appender.grouper_debug.layout = org.apache.log4j.PatternLayout
#log4j.appender.grouper_debug.layout.ConversionPattern = %d{ISO8601} %5p %c{2}: %m%n
log4j.appender.grouper_debug.layout.ConversionPattern = grouper-ui;grouper_debug.log;${ENV};${USERTOKEN};%d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n

## Benchmark logging
log4j.appender.grouper_gb = org.apache.log4j.FileAppender
log4j.appender.grouper_gb.file = /tmp/logpipe
log4j.appender.grouper_gb.append = true
log4j.appender.grouper_gb.layout = org.apache.log4j.PatternLayout
#log4j.appender.grouper_gb.layout.ConversionPattern = %d{ISO8601} %5p %c{2}: %m%n
log4j.appender.grouper_gb.layout.ConversionPattern = grouper-ui;grouper_bench.log;${ENV};${USERTOKEN};%d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n

# Loggers

## Default logger; will log *everything*
log4j.rootLogger = ERROR, grouper_error

## All Internet2 (warn to grouper_error per default logger)
log4j.logger.edu.internet2.middleware = WARN


# Provisioning : PSP (version 2.1+)
log4j.logger.edu.internet2.middleware.psp = INFO

# Provisioning : vt-ldap
# log4j.logger.edu.vt.middleware.ldap = INFO

# Provisioning : Grouper plugin to Shibboleth attribute resolver
# log4j.logger.edu.internet2.middleware.grouper.shibboleth = INFO


# For more precise (or verbose) logging, enable one or more of the
# following logging directives. To remove duplicate entries, just change the
# level, and not where to send the logs
# http://robertmarkbramprogrammer.blogspot.com/2007/06/log4j-duplicate-lines-in-output.html

## Grouper Event Logging
## * Logs at _info_ only
log4j.logger.edu.internet2.middleware.grouper.log.EventLog = INFO, grouper_event
log4j.logger.edu.internet2.middleware.grouper.RegistryInstall = INFO, grouper_event

## Grouper Error Logging
## * Logs at _warn_, _fatal_ and _error_ only (by default this is WARN due to internet2 below)
#log4j.logger.edu.internet2.middleware.grouper = WARN, grouper_error

## Grouper Debug Logging
## * NOTE: There is currently VERY LITTLE (useful) information sent to this.
## * Logs at _info_ only currently
#log4j.logger.edu.internet2.middleware.grouper = INFO, grouper_debug

## Grouper XML Export + Import Logging
## TODO Integrate with normal logging
log4j.logger.edu.internet2.middleware.grouper.xml.XmlExporter = INFO, grouper_event
log4j.logger.edu.internet2.middleware.grouper.xml.XmlImporter = INFO, grouper_event

## Grouper Benchmark Logging
log4j.logger.edu.internet2.middleware.grouper.bench = INFO, grouper_gb

## Grouper script to add missing group sets
log4j.logger.edu.internet2.middleware.grouper.misc.AddMissingGroupSets = INFO, grouper_event

## Grouper Sync Point in Time Tables
log4j.logger.edu.internet2.middleware.grouper.misc.SyncPITTables = INFO, grouper_event

## Grouper Sync Stem Set Table
log4j.logger.edu.internet2.middleware.grouper.misc.SyncStemSets = INFO, grouper_event

## Grouper Migrate Legacy Attributes
log4j.logger.edu.internet2.middleware.grouper.misc.MigrateLegacyAttributes = INFO, grouper_event

### Subject API
#log4j.logger.edu.internet2.middleware.subject = ERROR, grouper_error
#log4j.logger.edu.internet2.middleware.subject.provider = ERROR, grouper_error
### Hibernate
#log4j.logger.org.hibernate = ERROR, grouper_error
### ehcache
#log4j.logger.net.sf.ehcache = ERROR, grouper_error
### Spring
#log4j.logger.org.springframework = ERROR, grouper_error

## Grouper Stress Testing
log4j.logger.edu.internet2.middleware.grouper.stress = INFO, grouper_debug


#######################################################
##Optional settings for debug logs
#######################################################

## Hooks debug info
#log4j.logger.edu.internet2.middleware.grouper.hooks.examples.GroupTypeTupleIncludeExcludeHook = DEBUG
#log4j.logger.edu.internet2.middleware.grouper.Group = DEBUG

#log4j.logger.edu.internet2.middleware.grouper.hooks.examples.GroupTypeSecurityHook = DEBUG


# added by grouper-installer
log4j.logger.org.apache.tools.ant = WARN
203 changes: 203 additions & 0 deletions container_files/ui/web.xml
View file
@@ -0,0 +1,203 @@
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:j2ee="http://java.sun.com/xml/ns/j2ee" version="2.4" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.s
un.com/xml/ns/j2ee/web-app_2_4.xsd">
<!--DO NOT EDIT THIS FILE. IT WILL BE OVERWRITTEN. CHANGE YOUR FILE specified by the build.properties value [additional.web.xml]. The contents of that file are merged into ${grouper-ui}/w
ebapp/WEB-INF/web.core.xml-->
<!--In webapp-->
<!--Processing context-param-->
<!--Processing filter-->
<!--Inserting tag from merge file-->
<filter>
<filter-name>GrouperUi</filter-name>
<filter-class>edu.internet2.middleware.grouper.ui.GrouperUiFilter</filter-class>
</filter>
<!--Inserting tag from merge file-->
<filter>
<filter-name>Error Catcher</filter-name>
<filter-class>edu.internet2.middleware.grouper.ui.ErrorFilter</filter-class>
</filter>
<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
<filter>
<filter-name>Login check</filter-name>
<filter-class>edu.internet2.middleware.grouper.ui.LoginCheckFilter</filter-class>
<init-param>
<param-name>failureUrl</param-name>
<param-value>/index.jsp</param-value>
</init-param>
<init-param>
<param-name>ignore</param-name>
<param-value>:/populateIndex.do:/callLogin.do:/error.do:/logout.do:/status:</param-value>
</init-param>
<init-param>
<param-name>grouperRole</param-name>
<param-value>*</param-value>
</init-param>
</filter>
<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
<filter>
<filter-name>Caller page</filter-name>
<filter-class>edu.internet2.middleware.grouper.ui.CallerPageFilter</filter-class>
</filter>
<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
<filter>
<filter-name>CSRFGuard</filter-name>
<filter-class>org.owasp.csrfguard.CsrfGuardFilter</filter-class>
</filter>
<!--Processing filter-mapping-->
<!--Inserting tag from merge file-->
<filter-mapping>
<filter-name>GrouperUi</filter-name>
<url-pattern>*.do</url-pattern>
</filter-mapping>
<!--Inserting tag from merge file-->
<filter-mapping>
<filter-name>GrouperUi</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
<!--Inserting tag from merge file-->
<filter-mapping>
<filter-name>Error Catcher</filter-name>
<url-pattern>*.do</url-pattern>
</filter-mapping>
<!--Inserting tag from merge file-->
<filter-mapping>
<filter-name>Error Catcher</filter-name>
<url-pattern>/gotoCallerPage</url-pattern>
</filter-mapping>
<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
<filter-mapping>
<filter-name>GrouperUi</filter-name>
<url-pattern>/grouperUi/app/*</url-pattern>
</filter-mapping>
<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
<filter-mapping>
<filter-name>GrouperUi</filter-name>
<url-pattern>/grouperUi/appHtml/*</url-pattern>
</filter-mapping>
<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
<filter-mapping>
<filter-name>GrouperUi</filter-name>
<url-pattern>/grouperExternal/app/*</url-pattern>
</filter-mapping>
<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
<filter-mapping>
<filter-name>GrouperUi</filter-name>
<url-pattern>/grouperExternal/appHtml/*</url-pattern>
</filter-mapping>
<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
<filter-mapping>
<filter-name>GrouperUi</filter-name>
<url-pattern>/grouperExternal/public/UiV2Public.index</url-pattern>
</filter-mapping>
<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
<filter-mapping>
<filter-name>GrouperUi</filter-name>
<url-pattern>/grouperExternal/public/UiV2Public.postIndex</url-pattern>
</filter-mapping>
<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
<filter-mapping>
<filter-name>Caller page</filter-name>
<url-pattern>/gotoCallerPage</url-pattern>
</filter-mapping>
<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
<filter-mapping>
<filter-name>Login check</filter-name>
<url-pattern>*.do</url-pattern>
</filter-mapping>
<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
<filter-mapping>
<filter-name>CSRFGuard</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!--Processing listener-->
<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
<listener>
<listener-class>edu.internet2.middleware.grouper.ui.GrouperSessionAttributeListener</listener-class>
</listener>
<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
<listener>
<listener-class>org.owasp.csrfguard.CsrfGuardServletContextListener</listener-class>
</listener>
<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
<listener>
<listener-class>org.owasp.csrfguard.CsrfGuardHttpSessionListener</listener-class>
</listener>
<!--Processing servlet-->
<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
<servlet>
<servlet-name>StatusServlet</servlet-name>
<display-name>Status Servlet</display-name>
<servlet-class>edu.internet2.middleware.grouper.j2ee.status.GrouperStatusServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
<servlet>
<!-- Map the filter to a Servlet or URL -->

<servlet-name>UiServlet</servlet-name>
<servlet-class>edu.internet2.middleware.grouper.j2ee.GrouperUiRestServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
<servlet>
<servlet-name>OwaspJavaScriptServlet</servlet-name>
<servlet-class>org.owasp.csrfguard.servlet.JavaScriptServlet</servlet-class>
</servlet>
<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
<servlet>
<servlet-name>action</servlet-name>
<servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
<init-param>
<param-name>config</param-name>
<param-value>/WEB-INF/struts-config.xml</param-value>
</init-param>
<load-on-startup>2</load-on-startup>
</servlet>
<!--Processing servlet-mapping-->
<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
<servlet-mapping>
<servlet-name>StatusServlet</servlet-name>
<url-pattern>/status</url-pattern>
</servlet-mapping>
<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
<servlet-mapping>
<servlet-name>UiServlet</servlet-name>
<url-pattern>/grouperUi/app/*</url-pattern>
</servlet-mapping>
<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
<servlet-mapping>
<servlet-name>UiServlet</servlet-name>
<url-pattern>/grouperExternal/app/*</url-pattern>
</servlet-mapping>
<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
<servlet-mapping>
<servlet-name>UiServlet</servlet-name>
<url-pattern>/grouperExternal/public/UiV2Public.index</url-pattern>
</servlet-mapping>
<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
<servlet-mapping>
<servlet-name>UiServlet</servlet-name>
<url-pattern>/grouperExternal/public/UiV2Public.postIndex</url-pattern>
</servlet-mapping>
<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
<servlet-mapping>
<servlet-name>OwaspJavaScriptServlet</servlet-name>
<url-pattern>/grouperExternal/public/OwaspJavaScriptServlet</url-pattern>
</servlet-mapping>
<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
<servlet-mapping>
<servlet-name>action</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
<!--Processing mime-mapping-->
<!--Processing error-page-->
<!--Processing error-page-->
<!--Processing taglib-->
<!--Processing resource-env-ref-->
<!--Processing resource-ref-->
<!--Processing security-constraint-->
<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
<!--Processing env-entry-->
<!--Processing ejb-ref-->
<!--Processing ejb-local-ref-->
</web-app>
9 changes: 9 additions & 0 deletions container_files/usr-local-bin/daemon
View file
@@ -0,0 +1,9 @@
#!/bin/bash

. /usr/local/bin/library.sh

prepDaemon

export GSH_JVMARGS="-DENV=$ENV -DUSERTOKEN=$USERTOKEN"

exec bin/gsh -loader > /tmp/loggrouper
9 changes: 9 additions & 0 deletions container_files/usr-local-bin/gsh
View file
@@ -0,0 +1,9 @@
#!/bin/bash

. /usr/local/bin/library.sh

prepDaemon

export GSH_JVMARGS="-DENV=$ENV -DUSERTOKEN=$USERTOKEN"

exec bin/gsh "$@" | tee /tmp/loggrouper
100 changes: 100 additions & 0 deletions container_files/usr-local-bin/library.sh
View file
@@ -0,0 +1,100 @@
#!/bin/sh

setupPipe() {
if [ -e $1 ]; then
rm $1
fi
mkfifo -m 666 $1
}

# Make a "console" logging pipe that anyone can write too regardless of who owns the process.
setupPipe /tmp/logpipe
cat <> /tmp/logpipe &

# Make loggers pipes for the supervisord connected apps' console, so that we can prepend the streams.
setupPipe /tmp/loggrouper
(cat <> /tmp/loggrouper | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "grouper;console;%s;%s;%s\n", ENV, UT, $0; fflush()}' &>/tmp/logpipe) &

setupPipe /tmp/loghttpd
(cat <> /tmp/loghttpd | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "httpd;console;%s;%s;%s\n", ENV, UT, $0; fflush()}' &>/tmp/logpipe) &

setupPipe /tmp/logshibd
(cat <> /tmp/logshibd | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "shibd;console;%s;%s;%s", ENV, UT, $0; fflush()}' &>/tmp/logpipe) &

setupPipe /tmp/logtomcat
(cat <> /tmp/logtomcat | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "tomcat;console;%s;%s;%s\n", ENV, UT, $0; fflush()}' &>/tmp/logpipe) &

setupPipe /tmp/logsuperd
(cat <> /tmp/logsuperd | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "supervisord;console;%s;%s;%s\n", ENV, UT, $0; fflush()}' &>/tmp/logpipe) &


linkGrouperSecrets() {
for filepath in /run/secrets/*; do
local label_file=`basename $filepath`
local file=$(echo $label_file| cut -d'_' -f 2)

if [[ $label_file == grouper_* ]]; then
ln -sf /run/secrets/$label_file $1/$file
elif [[ $label_file == shib_* ]]; then
ln -sf /run/secrets/$label_file /etc/shibboleth/$file
elif [[ $label_file == httpd_* ]]; then
ln -sf /run/secrets/$label_file /etc/httpd/conf.d/$file
elif [ "$label_file" == "host-key.pem" ]; then
ln -sf /run/secrets/host-key.pem /etc/pki/tls/private/host-key.pem
fi
done
}

prepDaemon() {
local dest=/opt/grouper/grouper.apiBinary
linkGrouperSecrets $dest/conf

if [ -d "/opt/grouper/conf" ]; then
cp /opt/grouper/conf/* $dest/conf/
fi
if [ -d "/opt/grouper/lib" ]; then
cp /opt/grouper/lib/* $dest/lib/
fi
}

prepSCIM() {
local dest=/opt/grouper/grouper.scim/WEB-INF
linkGrouperSecrets $dest/classes

if [ -d "/opt/grouper/conf" ]; then
cp /opt/grouper/conf/* $dest/classes/
fi
if [ -d "/opt/grouper/lib" ]; then
cp /opt/grouper/lib/* $dest/lib/
fi

cp /opt/tier-support/grouper-ws-scim.xml /opt/tomee/conf/Catalina/localhost/
}

prepUI() {
local dest=/opt/grouper/grouper.ui/WEB-INF
linkGrouperSecrets $dest/classes

if [ -d "/opt/grouper/conf" ]; then
cp /opt/grouper/conf/* $dest/classes/
fi
if [ -d "/opt/grouper/lib" ]; then
cp /opt/grouper/lib/* $dest/lib/
fi

cp /opt/tier-support/grouper.xml /opt/tomcat/conf/Catalina/localhost/
}

prepWS() {
local dest=/opt/grouper/grouper.ws/WEB-INF
linkGrouperSecrets $dest/classes

if [ -d "/opt/grouper/conf" ]; then
cp /opt/grouper/conf/* $dest/classes/
fi
if [ -d "/opt/grouper/lib" ]; then
cp /opt/grouper/lib/* $dest/lib/
fi

cp /opt/tier-support/grouper-ws.xml /opt/tomcat/conf/Catalina/localhost/
}
7 changes: 7 additions & 0 deletions container_files/usr-local-bin/scim
View file
@@ -0,0 +1,7 @@
#!/bin/bash

. /usr/local/bin/library.sh

prepSCIM

exec /usr/bin/supervisord -c /opt/tier-support/supervisord-tomee.conf
9 changes: 9 additions & 0 deletions container_files/usr-local-bin/ui
View file
@@ -0,0 +1,9 @@
#!/bin/bash

. /usr/local/bin/library.sh

prepUI

export LD_LIBRARY_PATH=/opt/shibboleth/lib64:$LD_LIBRARY_PATH

exec /usr/bin/supervisord -c /opt/tier-support/supervisord-tomcat.conf
10 changes: 10 additions & 0 deletions container_files/usr-local-bin/ui-ws
View file
@@ -0,0 +1,10 @@
#!/bin/bash

. /usr/local/bin/library.sh

prepUI
prepWS

export LD_LIBRARY_PATH=/opt/shibboleth/lib64:$LD_LIBRARY_PATH

/usr/bin/supervisord -c /opt/tier-support/supervisord-tomcat.conf
7 changes: 7 additions & 0 deletions container_files/usr-local-bin/ws
View file
@@ -0,0 +1,7 @@
#!/bin/bash

. /usr/local/bin/library.sh

prepWS

exec /usr/bin/supervisord -c /opt/tier-support/supervisord-tomcat.conf
20 changes: 0 additions & 20 deletions container_files/wait-for-it/LICENSE
View file

This file was deleted.

59 changes: 0 additions & 59 deletions container_files/wait-for-it/README.md
View file

This file was deleted.

161 changes: 0 additions & 161 deletions container_files/wait-for-it/wait-for-it.sh
View file

This file was deleted.

0 comments on commit 1893330

Please sign in to comment.