diff --git a/Dockerfile b/Dockerfile index e74ebcfa..a512be2a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM i2incommon/shibboleth_sp:3.4.0_02092023_rocky8_multiarch +FROM --platform=$TARGETPLATFORM rockylinux:8.6 LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \ Vendor="TIER" \ @@ -8,15 +8,15 @@ LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \ ARG GROUPER_CONTAINER_VERSION -ENV GROUPER_VERSION=4.1.0 \ - GROUPER_CONTAINER_VERSION=4.1.0 \ +ENV GROUPER_VERSION=5.0.0 \ + GROUPER_CONTAINER_VERSION=5.0.0 \ JAVA_HOME=/usr/lib/jvm/java-17-amazon-corretto \ PATH=$PATH:$JAVA_HOME/bin \ GROUPER_HOME=/opt/grouper/grouperWebapp/WEB-INF -# net-tools curl mlocate strace telnet man vim rsyslog cron httpd mod_ssl cronie +# net-tools curl mlocate strace telnet man vim rsyslog cron mod_ssl cronie RUN yum update -y \ - && yum install -y logrotate python3-pip rsync sudo patch supervisor wget tar unzip dos2unix file \ + && yum install -y logrotate python3-pip rsync sudo patch wget tar unzip dos2unix file net-tools curl mlocate logrotate strace telnet man vim rsyslog cronie findutils \ && pip3 install --upgrade setuptools \ && yum clean -y all \ && groupadd -r tomcat \ 
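Review bot: The new base in the first Dockerfile hunk, `FROM --platform=$TARGETPLATFORM rockylinux:8.6`, is pinned only by a mutable tag, so a rebuild can pull different image content without any change in this repository. Pinning by digest, `FROM rockylinux:8.6@sha256:<digest-of-the-reviewed-image>`, makes the base reproducible and auditable. `--platform=$TARGETPLATFORM` is already the default for a stage and can be dropped; BuildKit's RedundantTargetPlatform check reports it. The same line is added in the first hunk of Dockerfile2.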
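Review bot: The rewritten `yum install` line in the `@@ -8,15 +8,15 @@` hunk of Dockerfile adds `net-tools`, `strace`, `telnet`, `vim`, `man` and `mlocate` to the image and keeps `sudo`; these are troubleshooting aids rather than runtime dependencies, and they widen what is available to anyone who obtains a shell in the container. `logrotate` is also listed twice, so the list is worth trimming to what the entrypoint needs, with a comment for anything kept for debugging. Separately, `PATH=$PATH:$JAVA_HOME/bin` sits in the same `ENV` instruction that defines `JAVA_HOME`, and Docker substitutes variables with their values from before the instruction, so it likely expands to `$PATH:/bin`; a separate `ENV PATH=$PATH:$JAVA_HOME/bin` after this one avoids that. The `RUN` instruction continues past the end of the hunk.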
@@ -34,11 +34,10 @@ RUN rpm --import https://yum.corretto.aws/corretto.key \ # real copy command (if not caching), uncomment this and change comments of COPY above to work on install script COPY container_files/ /opt/container_files/ -RUN cd /tmp \ - && chmod +x /opt/container_files/docker-build-bin/*.sh \ - && /opt/container_files/docker-build-bin/containerDockerfileInstallDos2unix.sh /opt/container_files \ - && /opt/container_files/docker-build-bin/containerDockerfileInstallGrouper.sh $JAVA_HOME $GROUPER_VERSION \ - && /opt/container_files/docker-build-bin/containerDockerfileInstall.sh $JAVA_HOME $GROUPER_VERSION +RUN chmod +x /opt/container_files/docker-build-bin/*.sh +RUN /opt/container_files/docker-build-bin/containerDockerfileInstallDos2unix.sh /opt/container_files +RUN /opt/container_files/docker-build-bin/containerDockerfileInstallGrouper.sh $JAVA_HOME $GROUPER_VERSION +RUN /opt/container_files/docker-build-bin/containerDockerfileInstall.sh $JAVA_HOME $GROUPER_VERSION # testing container @@ -52,3 +51,5 @@ EXPOSE 80 443 HEALTHCHECK NONE ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] +#ENTRYPOINT ["ping"] +#CMD ["google.com"] diff --git a/Dockerfile2 b/Dockerfile2 index 03ac5d23..8293e6ed 100644 --- a/Dockerfile2 +++ b/Dockerfile2 @@ -1,4 +1,4 @@ -FROM centos:centos7 +FROM --platform=$TARGETPLATFORM rockylinux:8.6 LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \ Vendor="TIER" \ @@ -8,8 +8,8 @@ LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \ ARG GROUPER_CONTAINER_VERSION -ENV GROUPER_VERSION=2.6.17 \ - GROUPER_CONTAINER_VERSION=$GROUPER_CONTAINER_VERSION \ +ENV GROUPER_VERSION=4.1.0 \ + GROUPER_CONTAINER_VERSION=5.0.0 \ JAVA_HOME=/usr/lib/jvm/java-1.8.0-amazon-corretto \ PATH=$PATH:$JAVA_HOME/bin \ GROUPER_HOME=/opt/grouper/grouperWebapp/WEB-INF 
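Review bot: Splitting the install step into four `RUN` instructions in the `@@ -34,11 +34,10 @@` hunk of Dockerfile also drops the `cd /tmp`, so the three install scripts now start in the image's default working directory instead of `/tmp`. The scripts are only partly visible in this commit; if any of them downloads or unpacks using relative paths, those files would now land elsewhere and remain in the layer, so that should be confirmed before merge. The arguments are also passed unquoted; `"$JAVA_HOME" "$GROUPER_VERSION"` is safer. A comment such as `# one RUN per script so each step is cached and fails separately` would record why the chain was split.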
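Review bot: The two lines added at the end of Dockerfile, `#ENTRYPOINT ["ping"]` and `#CMD ["google.com"]`, look like leftovers from debugging the build and should be removed before merge. The lines around them still declare `EXPOSE 80 443` and `HEALTHCHECK NONE`, while this commit deletes the httpd and Shibboleth configuration. If nothing in the image listens on those ports any more, `EXPOSE` should name the ports that are actually served, and a comment should say which component now terminates TLS and authenticates users in front of the application.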
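Review bot: In the `@@ -8,8 +8,8 @@` hunk of Dockerfile2, `GROUPER_CONTAINER_VERSION=5.0.0` replaces `$GROUPER_CONTAINER_VERSION`, so the `ARG GROUPER_CONTAINER_VERSION` declared just above is no longer read and a value passed with `--build-arg` is silently ignored. Either remove the `ARG`, or give it a default and keep the reference: `ARG GROUPER_CONTAINER_VERSION=5.0.0` with `GROUPER_CONTAINER_VERSION=$GROUPER_CONTAINER_VERSION`. The hunk also leaves `GROUPER_VERSION=4.1.0` and the Java 1.8 `JAVA_HOME` next to container version 5.0.0, whereas Dockerfile moves to 5.0.0 with Java 17; if that mismatch is intended, a comment should say so.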
@@ -17,11 +17,11 @@ ENV GROUPER_VERSION=2.6.17 \ RUN ln -sf /usr/share/zoneinfo/UTC /etc/localtime \ && echo "NETWORKING=yes" > /etc/sysconfig/network RUN rm -fr /var/cache/yum/* && yum clean all && yum -y install --setopt=tsflags=nodocs epel-release && yum -y update && \ - yum -y install net-tools wget curl tar unzip mlocate logrotate strace telnet man vim rsyslog cron httpd mod_ssl dos2unix cronie supervisor && \ + yum -y install net-tools wget curl tar unzip mlocate logrotate strace telnet man vim rsyslog cron mod_ssl dos2unix cronie && \ yum clean all RUN yum update -y \ - && yum install -y logrotate python3-pip rsync sudo patch supervisor wget tar unzip dos2unix file \ + && yum install -y logrotate python3-pip rsync sudo patch wget tar unzip dos2unix file \ && pip3 install --upgrade setuptools \ && yum clean -y all \ && groupadd -r tomcat \ @@ -51,7 +51,6 @@ RUN cd /tmp \ COPY container_files/ /opt/container_files/ RUN cd /tmp \ - && mkdir /etc/shibboleth \ && chmod +x /opt/container_files/docker-build-bin/*.sh \ && /opt/container_files/docker-build-bin/containerDockerfileInstallDos2unix.sh /opt/container_files \ && /opt/container_files/docker-build-bin/containerDockerfileInstall.sh $JAVA_HOME $GROUPER_VERSION diff --git a/container_files/docker-build-bin/containerDockerfileInstall.sh b/container_files/docker-build-bin/containerDockerfileInstall.sh index 2afec74d..5fc89a72 100644 --- a/container_files/docker-build-bin/containerDockerfileInstall.sh +++ b/container_files/docker-build-bin/containerDockerfileInstall.sh 
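Review bot: In the first `yum -y install` line of the `@@ -17,11 +17,11 @@` hunk of Dockerfile2, `httpd` is removed from the list but `mod_ssl` is kept; on RHEL-family systems `mod_ssl` depends on `httpd`, so the web server is likely still installed as a dependency. If the goal is an image without Apache, `mod_ssl` should be dropped as well. The list also keeps `cron`, which does not appear to be a package name on Rocky Linux 8 (`cronie`, already listed, provides the daemon), so with the base switched away from `centos:centos7` the install may fail on it rather than skip it. The second `RUN` in this hunk continues past its end.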
@@ -115,21 +115,6 @@ returnCode=$? echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mv /opt/container_files/usr-local-bin/* /usr/local/bin/, result: $returnCode" if [ $returnCode != 0 ]; then exit $returnCode; fi -mv /opt/container_files/httpd/* /etc/httpd/conf.d/ -returnCode=$? -echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mv /opt/container_files/httpd/* /etc/httpd/conf.d/, result: $returnCode" -if [ $returnCode != 0 ]; then exit $returnCode; fi - -mv /opt/container_files/shibboleth/* /etc/shibboleth/ -returnCode=$? -echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mv /opt/container_files/shibboleth/* /etc/shibboleth/, result: $returnCode" -if [ $returnCode != 0 ]; then exit $returnCode; fi - -cp /dev/null /etc/httpd/conf.d/ssl.conf -returnCode=$? -echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) cp /dev/null /etc/httpd/conf.d/ssl.conf, result: $returnCode" -if [ $returnCode != 0 ]; then exit $returnCode; fi - rm -f /opt/tomcat/bin/log4j-* returnCode=$? echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) rm -f /opt/tomcat/bin/log4j-*, result: $returnCode" 
@@ -200,30 +185,6 @@ returnCode=$? echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) cp /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml /opt/tier-support/originalFiles 2>/dev/null, result: $returnCode" if [ $returnCode != 0 ]; then exit $returnCode; fi -cp /etc/httpd/conf/httpd.conf /opt/tier-support/originalFiles 2>/dev/null -returnCode=$? -echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) cp /etc/httpd/conf/httpd.conf /opt/tier-support/originalFiles 2>/dev/null, result: $returnCode" -if [ $returnCode != 0 ]; then exit $returnCode; fi - -cp /etc/httpd/conf.d/ssl-enabled.conf /opt/tier-support/originalFiles 2>/dev/null -returnCode=$? -echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) cp /etc/httpd/conf.d/ssl-enabled.conf /opt/tier-support/originalFiles 2>/dev/null, result: $returnCode" -if [ $returnCode != 0 ]; then exit $returnCode; fi - -if [ -f /etc/httpd/conf.d/httpd-shib.conf ]; then - cp /etc/httpd/conf.d/httpd-shib.conf /opt/tier-support/originalFiles 2>/dev/null - returnCode=$? - echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) cp /etc/httpd/conf.d/httpd-shib.conf /opt/tier-support/originalFiles 2>/dev/null, result: $returnCode" - if [ $returnCode != 0 ]; then exit $returnCode; fi -fi - -if [ -f /etc/httpd/conf.d/shib.conf ]; then - cp /etc/httpd/conf.d/shib.conf /opt/tier-support/originalFiles 2>/dev/null - returnCode=$? - echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) cp /etc/httpd/conf.d/shib.conf /opt/tier-support/originalFiles 2>/dev/null, result: $returnCode" - if [ $returnCode != 0 ]; then exit $returnCode; fi -fi - cp /opt/tomcat/conf/server.xml /opt/tier-support/originalFiles 2>/dev/null returnCode=$? echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) cp /opt/tomcat/conf/server.xml /opt/tier-support/originalFiles 2>/dev/null, result: $returnCode" 
diff --git a/container_files/docker-build-bin/containerDockerfileInstallPermissions.sh b/container_files/docker-build-bin/containerDockerfileInstallPermissions.sh
index 2f8c49d0..82288c89 100644
--- a/container_files/docker-build-bin/containerDockerfileInstallPermissions.sh
+++ b/container_files/docker-build-bin/containerDockerfileInstallPermissions.sh
@@ -11,67 +11,67 @@ group=$2 # this needs to exist mkdir -p /opt/tier -lines=$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /etc/httpd/conf /home/tomcat /usr/local/bin /etc/httpd/conf.d $JAVA_HOME/lib/security/cacerts -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o ! -user $user -print | wc -l) +lines=$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /home/tomcat /usr/local/bin.d $JAVA_HOME/lib/security/cacerts -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o ! -user $user -print | wc -l) if [ $lines -ne 0 ]; then - chown $user:$group $(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /etc/httpd/conf /home/tomcat /usr/local/bin /etc/httpd/conf.d $JAVA_HOME/lib/security/cacerts -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o ! -user $user -print) + chown $user:$group $(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /home/tomcat /usr/local/bin.d $JAVA_HOME/lib/security/cacerts -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o ! -user $user -print) returnCode=$? - echo "grouperDockerfile; INFO: ($0) chown $user:$group \$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /etc/httpd/conf /home/tomcat /usr/local/bin /etc/httpd/conf.d $JAVA_HOME/lib/security/cacerts -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o ! -user $user -print), result: $returnCode" + echo "grouperDockerfile; INFO: ($0) chown $user:$group \$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /home/tomcat /usr/local/bin.d $JAVA_HOME/lib/security/cacerts -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o ! 
-user $user -print), result: $returnCode" if [ $returnCode != 0 ]; then exit $returnCode; fi fi -lines=$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /etc/httpd/conf /home/tomcat /usr/local/bin /etc/httpd/conf.d $JAVA_HOME/lib/security/cacerts -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o ! -group $group -print | wc -l) +lines=$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /home/tomcat /usr/local/bin.d $JAVA_HOME/lib/security/cacerts -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o ! -group $group -print | wc -l) if [ $lines -ne 0 ]; then - chown $user:$group $(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /etc/httpd/conf /home/tomcat /usr/local/bin /etc/httpd/conf.d $JAVA_HOME/lib/security/cacerts -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o ! -group $group -print) + chown $user:$group $(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /home/tomcat /usr/local/bin.d $JAVA_HOME/lib/security/cacerts -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o ! -group $group -print) returnCode=$? - echo "grouperDockerfile; INFO: ($0) chown $user:$group \$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /etc/httpd/conf /home/tomcat /usr/local/bin /etc/httpd/conf.d $JAVA_HOME/lib/security/cacerts -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o ! -group $group -print), result: $returnCode" + echo "grouperDockerfile; INFO: ($0) chown $user:$group \$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /home/tomcat /usr/local/bin.d $JAVA_HOME/lib/security/cacerts -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o ! 
-group $group -print), result: $returnCode" if [ $returnCode != 0 ]; then exit $returnCode; fi fi -lines=$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /etc/httpd/conf /home/tomcat /usr/local/bin /etc/httpd/conf.d -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -type d ! -perm -g+rwxs -print | wc -l) +lines=$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /home/tomcat /usr/local/bin.d -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -type d ! -perm -g+rwxs -print | wc -l) if [ $lines -ne 0 ]; then - chmod g+rwxs $(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /etc/httpd/conf /home/tomcat /usr/local/bin /etc/httpd/conf.d -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -type d ! -perm -g+rwxs -print) + chmod g+rwxs $(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /home/tomcat /usr/local/bin.d -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -type d ! -perm -g+rwxs -print) returnCode=$? - echo "grouperDockerfile; INFO: ($0) chmod g+rwxs \$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /etc/httpd/conf /home/tomcat /usr/local/bin /etc/httpd/conf.d -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -type d ! -perm -g+rwxs -print), result: $returnCode" + echo "grouperDockerfile; INFO: ($0) chmod g+rwxs \$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /home/tomcat /usr/local/bin.d -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -type d ! 
-perm -g+rwxs -print), result: $returnCode" if [ $returnCode != 0 ]; then exit $returnCode; fi fi -lines=$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /etc/httpd/conf /home/tomcat /usr/local/bin /etc/httpd/conf.d $JAVA_HOME/lib/security/cacerts -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -type f ! -perm -g+rw -print | wc -l) +lines=$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /home/tomcat /usr/local/bin.d $JAVA_HOME/lib/security/cacerts -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -type f ! -perm -g+rw -print | wc -l) if [ $lines -ne 0 ]; then - chmod g+rw $(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /etc/httpd/conf /home/tomcat /usr/local/bin /etc/httpd/conf.d $JAVA_HOME/lib/security/cacerts -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -type f ! -perm -g+rw -print) + chmod g+rw $(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /home/tomcat /usr/local/bin.d $JAVA_HOME/lib/security/cacerts -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -type f ! -perm -g+rw -print) returnCode=$? - echo "grouperDockerfile; INFO: ($0) chmod g+rw \$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /etc/httpd/conf /home/tomcat /usr/local/bin /etc/httpd/conf.d $JAVA_HOME/lib/security/cacerts -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -type f ! -perm -g+rw -print), result: $returnCode" + echo "grouperDockerfile; INFO: ($0) chmod g+rw \$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /home/tomcat /usr/local/bin.d $JAVA_HOME/lib/security/cacerts -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -type f ! 
-perm -g+rw -print), result: $returnCode" if [ $returnCode != 0 ]; then exit $returnCode; fi fi -lines=$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /etc/httpd/conf /home/tomcat /usr/local/bin /etc/httpd/conf.d $JAVA_HOME/lib/security/cacerts -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -perm -o+w -print | wc -l) +lines=$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /home/tomcat /usr/local/bin.d $JAVA_HOME/lib/security/cacerts -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -perm -o+w -print | wc -l) if [ $lines -ne 0 ]; then - chmod o-w $(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /etc/httpd/conf /home/tomcat /usr/local/bin /etc/httpd/conf.d $JAVA_HOME/lib/security/cacerts -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -perm -o+w -print) + chmod o-w $(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /home/tomcat /usr/local/bin.d $JAVA_HOME/lib/security/cacerts -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -perm -o+w -print) returnCode=$? 
- echo "grouperDockerfile; INFO: ($0) chmod o-w \$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /etc/httpd/conf /home/tomcat /usr/local/bin /etc/httpd/conf.d $JAVA_HOME/lib/security/cacerts -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -perm -o+w -print), result: $returnCode" + echo "grouperDockerfile; INFO: ($0) chmod o-w \$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /home/tomcat /usr/local/bin.d $JAVA_HOME/lib/security/cacerts -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -perm -o+w -print), result: $returnCode" if [ $returnCode != 0 ]; then exit $returnCode; fi fi -lines=$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /etc/httpd/conf /home/tomcat /etc/httpd/conf.d -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -type f -name "*.sh" ! -perm -g+x -print -print | wc -l) +lines=$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /home/tomcat.d -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -type f -name "*.sh" ! -perm -g+x -print -print | wc -l) if [ $lines -ne 0 ]; then - chmod +x $(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /etc/httpd/conf /home/tomcat /etc/httpd/conf.d -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -type f -name "*.sh" ! -perm -g+x -print) + chmod +x $(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /home/tomcat.d -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -type f -name "*.sh" ! -perm -g+x -print) returnCode=$? 
- echo "grouperDockerfile; INFO: ($0) chmod +x \$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /etc/httpd/conf /home/tomcat /etc/httpd/conf.d -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -type f -name \"*.sh\" ! -perm -g+x -print), result: $returnCode" + echo "grouperDockerfile; INFO: ($0) chmod +x \$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /home/tomcat.d -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -type f -name \"*.sh\" ! -perm -g+x -print), result: $returnCode" if [ $returnCode != 0 ]; then exit $returnCode; fi fi -lines=$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /etc/httpd/conf /home/tomcat /etc/httpd/conf.d -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -type f -name "*.sh" ! -perm -u+x -print | wc -l) +lines=$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /home/tomcat.d -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -type f -name "*.sh" ! -perm -u+x -print | wc -l) if [ $lines -ne 0 ]; then - chmod +x $(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /etc/httpd/conf /home/tomcat /etc/httpd/conf.d -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -type f -name "*.sh" ! -perm -u+x -print) + chmod +x $(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /home/tomcat.d -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -type f -name "*.sh" ! -perm -u+x -print) returnCode=$? 
- echo "grouperDockerfile; INFO: ($0) chmod +x \$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /etc/httpd/conf /home/tomcat /etc/httpd/conf.d -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -type f -name \"*.sh\" ! -perm -u+x -print), result: $returnCode" + echo "grouperDockerfile; INFO: ($0) chmod +x \$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /home/tomcat.d -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -type f -name \"*.sh\" ! -perm -u+x -print), result: $returnCode" if [ $returnCode != 0 ]; then exit $returnCode; fi fi -lines=$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /etc/httpd/conf /home/tomcat /etc/httpd/conf.d -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -type f -name "*.sh" ! -perm -o+x -print | wc -l) +lines=$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /home/tomcat.d -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -type f -name "*.sh" ! -perm -o+x -print | wc -l) if [ $lines -ne 0 ]; then - chmod +x $(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /etc/httpd/conf /home/tomcat /etc/httpd/conf.d -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -type f -name "*.sh" ! -perm -o+x -print) + chmod +x $(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /home/tomcat.d -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -type f -name "*.sh" ! -perm -o+x -print) returnCode=$? 
- echo "grouperDockerfile; INFO: ($0) chmod +x \$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /etc/httpd/conf /home/tomcat /etc/httpd/conf.d -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -type f -name \"*.sh\" ! -perm -o+x -print), result: $returnCode" + echo "grouperDockerfile; INFO: ($0) chmod +x \$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomcat /home/tomcat.d -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -type f -name \"*.sh\" ! -perm -o+x -print), result: $returnCode" if [ $returnCode != 0 ]; then exit $returnCode; fi fi diff --git a/container_files/grouperWebapp/WEB-INF/classes/log4j2.xml b/container_files/grouperWebapp/WEB-INF/classes/log4j2.xml index 967ee508..f99ce6ee 100644 --- a/container_files/grouperWebapp/WEB-INF/classes/log4j2.xml +++ b/container_files/grouperWebapp/WEB-INF/classes/log4j2.xml 
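Review bot: Every rewritten `find` in this hunk now names `/usr/local/bin.d` (the five ownership and mode checks) or `/home/tomcat.d` (the three `*.sh` checks) as a start path, which looks like the residue of deleting `/etc/httpd/conf` from `/usr/local/bin /etc/httpd/conf.d` and from `/home/tomcat /etc/httpd/conf.d`. As written, `/usr/local/bin` is no longer covered by the `chown`, `chmod g+rw` and `chmod o-w` passes, and `/home/tomcat` is no longer covered by the `chmod +x` passes unless `$user` happens to be tomcat; the image's entrypoint lives in `/usr/local/bin`, so its ownership and write bits are left as copied, and `find` will report the missing `.d` paths on stderr. The start paths should end in `/home/tomcat /usr/local/bin` and `/home/tomcat` respectively. Keeping the list once in a variable, e.g. `paths="/home/$user /opt/container_files ... /usr/local/bin"`, and using `$paths` in both the command and its log line would stop the copies from drifting apart.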
@@ -61,115 +61,71 @@ <DefaultRolloverStrategy max="30" /> </RollingFile> __FILEEND__ - __LOGPIPESTART__ - <File name="logpipe_catalina" fileName="/tmp/logpipe"> - <PatternLayout pattern="${grouplogprefix}tomcat;catalina.out;${env}${usertoken}${layout}"/> - </File> - <File name="logpipe_grouper_error" fileName="/tmp/logpipe"> - <PatternLayout pattern="${grouplogprefix}grouper_error.log;${env}${usertoken}${layout}"/> - </File> - <File name="logpipe_grouper_daemon" fileName="/tmp/logpipe"> - <PatternLayout pattern="${grouplogprefix}grouperDaemon.log;${env}${usertoken}${layout}"/> - </File> - <File name="logpipe_grouper_pspng" fileName="/tmp/logpipe"> - <PatternLayout pattern="${grouplogprefix}pspng.log;${env}${usertoken}${layout}"/> - </File> - <File name="logpipe_grouper_provisioning" fileName="/tmp/logpipe"> - <PatternLayout pattern="${grouplogprefix}provisioning.log;${env}${usertoken}${layout}"/> - </File> - <File name="logpipe_grouper_ws" fileName="/tmp/logpipe"> - <PatternLayout pattern="${grouplogprefix}grouper_ws.log;${env}${usertoken}${layout}"/> - </File> - <File name="logpipe_grouper_ws_longRunning" fileName="/tmp/logpipe"> - <PatternLayout pattern="${grouplogprefix}grouper_ws_longRunning.log;${env}${usertoken}${layout}"/> - </File> - __LOGPIPEEND__ <!--MOREAPPENDERS--> </Appenders> <Loggers> <Root level="error"> - __LOGPIPESTART__<AppenderRef ref="logpipe_grouper_error"/>__LOGPIPEEND__ __FILESTART__<AppenderRef ref="file_grouper_error"/>__FILEEND__ </Root> <Logger name="org.apache.catalina" level="info" additivity="false"> - __LOGPIPESTART__<AppenderRef ref="logpipe_catalina" />__LOGPIPEEND__ __FILESTART__<AppenderRef ref="file_catalina"/>__FILEEND__ </Logger> <Logger name="edu.internet2.middleware" level="warn" additivity="false"> - __LOGPIPESTART__<AppenderRef ref="logpipe_grouper_error"/>__LOGPIPEEND__ __FILESTART__<AppenderRef ref="file_grouper_error"/>__FILEEND__ </Logger> <Logger name="edu.internet2.middleware.grouper.app.loader.GrouperLoaderLog" 
level="debug" additivity="false"> - __LOGPIPESTART__<AppenderRef ref="logpipe_grouper_daemon"/>__LOGPIPEEND__ __FILESTART__<AppenderRef ref="file_grouper_daemon"/>__FILEEND__ </Logger> <Logger name="edu.internet2.middleware.grouper.pspng" level="warn" additivity="false"> - __LOGPIPESTART__<AppenderRef ref="logpipe_grouper_pspng"/>__LOGPIPEEND__ __FILESTART__<AppenderRef ref="file_grouper_pspng"/>__FILEEND__ </Logger> <Logger name="edu.internet2.middleware.grouper.app.provisioning.GrouperProvisioningObjectLog" level="debug" additivity="false"> - __LOGPIPESTART__<AppenderRef ref="logpipe_grouper_provisioning"/>__LOGPIPEEND__ __FILESTART__<AppenderRef ref="file_grouper_provisioning"/>__FILEEND__ </Logger> <Logger name="edu.internet2.middleware.grouper.app.syncToGrouper.SyncToGrouperFromSqlDaemon" level="debug" additivity="false"> - __LOGPIPESTART__<AppenderRef ref="logpipe_grouper_error"/>__LOGPIPEEND__ __FILESTART__<AppenderRef ref="file_grouper_error"/>__FILEEND__ </Logger> <Logger name="edu.internet2.middleware.grouper.app.provisioning.GrouperProvisioningLogCommands" level="debug" additivity="false"> - __LOGPIPESTART__<AppenderRef ref="logpipe_grouper_error"/>__LOGPIPEEND__ __FILESTART__<AppenderRef ref="file_grouper_error"/>__FILEEND__ </Logger> <Logger name="edu.internet2.middleware.grouper.stem.StemViewPrivilegeEsbListener" level="debug" additivity="false"> - __LOGPIPESTART__<AppenderRef ref="logpipe_grouper_error"/>__LOGPIPEEND__ __FILESTART__<AppenderRef ref="file_grouper_error"/>__FILEEND__ </Logger> <Logger name="edu.internet2.middleware.grouper.stem.StemViewPrivilegeFullDaemonLogic" level="debug" additivity="false"> - __LOGPIPESTART__<AppenderRef ref="logpipe_grouper_error"/>__LOGPIPEEND__ __FILESTART__<AppenderRef ref="file_grouper_error"/>__FILEEND__ </Logger> <Logger name="org.apache.tools.ant" level="warn" additivity="false"> - __LOGPIPESTART__<AppenderRef ref="logpipe_grouper_error"/>__LOGPIPEEND__ __FILESTART__<AppenderRef 
ref="file_grouper_error"/>__FILEEND__ </Logger> <Logger name="edu.internet2.middleware.grouper.util.PerformanceLogger" level="info" additivity="false"> - __LOGPIPESTART__<AppenderRef ref="logpipe_grouper_error"/>__LOGPIPEEND__ __FILESTART__<AppenderRef ref="file_grouper_error"/>__FILEEND__ </Logger> <Logger name="edu.internet2.middleware.grouper.ws.util.GrouperWsLog" level="off" additivity="false"> - __LOGPIPESTART__<AppenderRef ref="logpipe_grouper_ws"/>__LOGPIPEEND__ __FILESTART__<AppenderRef ref="file_grouper_ws"/>__FILEEND__ </Logger> <Logger name="edu.internet2.middleware.grouper.ws.util.GrouperWsLongRunningLog" level="off" additivity="false"> - __LOGPIPESTART__<AppenderRef ref="logpipe_grouper_ws_longRunning"/>__LOGPIPEEND__ __FILESTART__<AppenderRef ref="file_grouper_ws_longRunning"/>__FILEEND__ </Logger> <Logger name="edu.internet2.middleware.grouper.ui.customUi.CustomUiEngine" level="debug" additivity="false"> - __LOGPIPESTART__<AppenderRef ref="logpipe_grouper_error"/>__LOGPIPEEND__ __FILESTART__<AppenderRef ref="file_grouper_error"/>__FILEEND__ </Logger> <Logger name="edu.upenn.isc.pennGrouper.o365" level="debug" additivity="false"> - __LOGPIPESTART__<AppenderRef ref="logpipe_grouper_error"/>__LOGPIPEEND__ __FILESTART__<AppenderRef ref="file_grouper_error"/>__FILEEND__ </Logger> <Logger name="edu.internet2.middleware.grouper.app.remedy.GrouperRemedyLog" level="debug" additivity="false"> - __LOGPIPESTART__<AppenderRef ref="logpipe_grouper_provisioning"/>__LOGPIPEEND__ __FILESTART__<AppenderRef ref="file_grouper_provisioning"/>__FILEEND__ </Logger> <Logger name="edu.internet2.middleware.grouper.app.remedy.digitalMarketplace.GrouperDigitalMarketplaceLog" level="debug" additivity="false"> - __LOGPIPESTART__<AppenderRef ref="logpipe_grouper_provisioning"/>__LOGPIPEEND__ __FILESTART__<AppenderRef ref="file_grouper_provisioning"/>__FILEEND__ </Logger> <Logger name="edu.internet2.middleware.grouperBox.GrouperBoxLog" level="debug" additivity="false"> - 
__LOGPIPESTART__<AppenderRef ref="logpipe_grouper_provisioning"/>__LOGPIPEEND__ __FILESTART__<AppenderRef ref="file_grouper_provisioning"/>__FILEEND__ </Logger> <Logger name="edu.internet2.middleware.grouperClient.jdbc.tableSync.GcTableSyncLog" level="debug" additivity="false"> - __LOGPIPESTART__<AppenderRef ref="logpipe_grouper_error"/>__LOGPIPEEND__ __FILESTART__<AppenderRef ref="file_grouper_error"/>__FILEEND__ </Logger> <Logger name="edu.internet2.middleware.grouper.app.zoom" level="debug" additivity="false"> - __LOGPIPESTART__<AppenderRef ref="logpipe_grouper_provisioning"/>__LOGPIPEEND__ __FILESTART__<AppenderRef ref="file_grouper_provisioning"/>__FILEEND__ </Logger> diff --git a/container_files/httpd/grouper-www.conf b/container_files/httpd/grouper-www.conf deleted file mode 100644 index 546a5778..00000000 --- a/container_files/httpd/grouper-www.conf +++ /dev/null 
@@ -1,18 +0,0 @@ - -Timeout __GROUPER_APACHE_AJP_TIMEOUT_SECONDS__ -ProxyTimeout __GROUPER_APACHE_AJP_TIMEOUT_SECONDS__ -ProxyBadHeader Ignore - -# the variable for _ _GROUPER_APACHE_AJP_TIMEOUT_SECONDS_ _ will be replaced to default for one hour on startup env var $GROUPER_APACHE_AJP_TIMEOUT_SECONDS -# the variable for _ _THE_AJP_URL_ _ (no spaces) will be replaced with something like: ajp://localhost:port/grouper on startup -# the variable for _ _GROUPER_PROXY_PASS_ _ (no spaces) will be replaced with comment or blank on startup if running grouper url -# the variable for _ _GROUPERWS_PROXY_PASS_ _ (no spaces) will be replaced with comment or blank on startup if running grouper-ws url -# the variable for _ _GROUPER_TOMCAT_CONTEXT_ _ (no spaces) will be replaced with the env var $GROUPER_TOMCAT_CONTEXT -# the variable for _ _GROUPER_URL_CONTEXT_ _ (no spaces) will be replaced with the env var $GROUPER_URL_CONTEXT -# the variable for _ _GROUPERWS_URL_CONTEXT_ _ (no spaces) will be replaced with the env var $GROUPERWS_URL_CONTEXT -__GROUPER_PROXY_PASS__ProxyPass /__GROUPER_URL_CONTEXT__ ajp://localhost:8009/__GROUPER_TOMCAT_CONTEXT__ timeout=__GROUPER_APACHE_AJP_TIMEOUT_SECONDS__ retry=5 -__GROUPERWS_PROXY_PASS__ProxyPass /__GROUPERWS_URL_CONTEXT__ ajp://localhost:8009/__GROUPER_TOMCAT_CONTEXT__ timeout=__GROUPER_APACHE_AJP_TIMEOUT_SECONDS__ retry=5 - -__GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER__RewriteEngine on -__GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER__RewriteRule "^/$" "/__GROUPER_URL_CONTEXT__/" [R] - diff --git a/container_files/httpd/httpd.conf.noindexes.patch b/container_files/httpd/httpd.conf.noindexes.patch deleted file mode 100644 index d76a47fb..00000000 --- a/container_files/httpd/httpd.conf.noindexes.patch +++ /dev/null 
@@ -1,11 +0,0 @@ ---- httpd.conf.20200720 2020-07-19 14:50:57.470136000 +0000 -+++ httpd.conf 2020-07-19 14:51:35.994475000 +0000 -@@ -141,7 +141,7 @@ - # http://httpd.apache.org/docs/2.4/mod/core.html#options - # for more information. - # -- Options Indexes FollowSymLinks -+ Options FollowSymLinks - - # - # AllowOverride controls what directives may be placed in .htaccess files. diff --git a/container_files/httpd/ssl-enabled.conf b/container_files/httpd/ssl-enabled.conf deleted file mode 100644 index f213df76..00000000 --- a/container_files/httpd/ssl-enabled.conf +++ /dev/null @@ -1,29 +0,0 @@ -# modern configuration, tweak to your needs -SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 -SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 -SSLHonorCipherOrder on -SSLCompression off - -# OCSP Stapling, only in httpd 2.3.3 and later -SSLUseStapling __GROUPER_SSL_USE_STAPLING__ -SSLStaplingResponderTimeout 5 -SSLStaplingReturnResponderErrors off -SSLStaplingCache shmcb:/var/run/ocsp(128000) - -Listen __GROUPER_APACHE_SSL_PORT__ https -<VirtualHost *:__GROUPER_APACHE_SSL_PORT__> - -__GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER__RewriteEngine on -__GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER__RewriteRule "^/$" "/grouper/" [R] - - SSLEngine on - SSLCertificateChainFile __GROUPER_SSL_CHAIN_FILE__ - - SSLCertificateFile __GROUPER_SSL_CERT_FILE__ - - SSLCertificateKeyFile __GROUPER_SSL_KEY_FILE__ - - # HSTS (mod_headers is required) (15768000 seconds = 6 months) - Header always set Strict-Transport-Security "max-age=15768000" -</VirtualHost> - diff --git a/container_files/shibboleth/attribute-map.xml b/container_files/shibboleth/attribute-map.xml deleted file mode 100644 index a6725f3e..00000000 --- a/container_files/shibboleth/attribute-map.xml +++ /dev/null 
@@ -1,153 +0,0 @@ -<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - - <!-- - The mappings are a mix of SAML 1.1 and SAML 2.0 attribute names agreed to within the Shibboleth - community. The non-OID URNs are SAML 1.1 names and most of the OIDs are SAML 2.0 names, with a - few exceptions for newer attributes where the name is the same for both versions. You will - usually want to uncomment or map the names for both SAML versions as a unit. - --> - - <!-- First some useful eduPerson attributes that many sites might use. --> - - <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" id="eppn"> - <AttributeDecoder xsi:type="ScopedAttributeDecoder"/> - </Attribute> - <Attribute name="urn:mace:dir:attribute-def:eduPersonPrincipalName" id="eppn"> - <AttributeDecoder xsi:type="ScopedAttributeDecoder"/> - </Attribute> - - <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" id="affiliation"> - <AttributeDecoder xsi:type="ScopedAttributeDecoder" caseSensitive="false"/> - </Attribute> - <Attribute name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" id="affiliation"> - <AttributeDecoder xsi:type="ScopedAttributeDecoder" caseSensitive="false"/> - </Attribute> - - <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" id="unscoped-affiliation"> - <AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/> - </Attribute> - <Attribute name="urn:mace:dir:attribute-def:eduPersonAffiliation" id="unscoped-affiliation"> - <AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/> - </Attribute> - - <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" id="entitlement"/> - <Attribute name="urn:mace:dir:attribute-def:eduPersonEntitlement" id="entitlement"/> - - <!-- A persistent id attribute that supports personalized anonymous access. 
--> - - <!-- First, the deprecated/incorrect version, decoded as a scoped string: --> - <Attribute name="urn:mace:dir:attribute-def:eduPersonTargetedID" id="targeted-id"> - <AttributeDecoder xsi:type="ScopedAttributeDecoder"/> - <!-- <AttributeDecoder xsi:type="NameIDFromScopedAttributeDecoder" formatter="$NameQualifier!$SPNameQualifier!$Name" defaultQualifiers="true"/> --> - </Attribute> - - <!-- Second, an alternate decoder that will decode the incorrect form into the newer form. --> - <!-- - <Attribute name="urn:mace:dir:attribute-def:eduPersonTargetedID" id="persistent-id"> - <AttributeDecoder xsi:type="NameIDFromScopedAttributeDecoder" formatter="$NameQualifier!$SPNameQualifier!$Name" defaultQualifiers="true"/> - </Attribute> - --> - - <!-- Third, the new version (note the OID-style name): --> - <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" id="persistent-id"> - <AttributeDecoder xsi:type="NameIDAttributeDecoder" formatter="$NameQualifier!$SPNameQualifier!$Name" defaultQualifiers="true"/> - </Attribute> - - <!-- Fourth, the SAML 2.0 NameID Format: --> - <Attribute name="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" id="persistent-id"> - <AttributeDecoder xsi:type="NameIDAttributeDecoder" formatter="$NameQualifier!$SPNameQualifier!$Name" defaultQualifiers="true"/> - </Attribute> - - <!-- Some more eduPerson attributes, uncomment these to use them... 
--> - <!-- - <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.11" id="assurance"/> - - <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.5.1.1" id="member"/> - - <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.6.1.1" id="eduCourseOffering"/> - <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.6.1.2" id="eduCourseMember"/> - - <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.5" id="primary-affiliation"> - <AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/> - </Attribute> - <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.2" id="nickname"/> - <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.8" id="primary-orgunit-dn"/> - <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.4" id="orgunit-dn"/> - <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.3" id="org-dn"/> - - <Attribute name="urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation" id="primary-affiliation"> - <AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/> - </Attribute> - <Attribute name="urn:mace:dir:attribute-def:eduPersonNickname" id="nickname"/> - <Attribute name="urn:mace:dir:attribute-def:eduPersonPrimaryOrgUnitDN" id="primary-orgunit-dn"/> - <Attribute name="urn:mace:dir:attribute-def:eduPersonOrgUnitDN" id="orgunit-dn"/> - <Attribute name="urn:mace:dir:attribute-def:eduPersonOrgDN" id="org-dn"/> - --> - - <!-- SCHAC attributes, uncomment to use... --> - <!-- - <Attribute name="urn:oid:1.3.6.1.4.1.25178.1.2.9" id="schacHomeOrganization"/> - --> - - <!-- Examples of LDAP-based attributes, uncomment to use these... 
--> - <!-- - <Attribute name="urn:oid:2.5.4.3" id="cn"/> - <Attribute name="urn:oid:2.5.4.4" id="sn"/> - <Attribute name="urn:oid:2.5.4.42" id="givenName"/> - <Attribute name="urn:oid:2.16.840.1.113730.3.1.241" id="displayName"/> - --> - <Attribute name="urn:oid:0.9.2342.19200300.100.1.1" id="uid"/> - <Attribute name="urn:oid:0.9.2342.19200300.100.1.3" id="mail"/> - <!-- - <Attribute name="urn:oid:2.5.4.20" id="telephoneNumber"/> - <Attribute name="urn:oid:2.5.4.12" id="title"/> - <Attribute name="urn:oid:2.5.4.43" id="initials"/> - <Attribute name="urn:oid:2.5.4.13" id="description"/> - <Attribute name="urn:oid:2.16.840.1.113730.3.1.1" id="carLicense"/> - <Attribute name="urn:oid:2.16.840.1.113730.3.1.2" id="departmentNumber"/> - <Attribute name="urn:oid:2.16.840.1.113730.3.1.3" id="employeeNumber"/> - <Attribute name="urn:oid:2.16.840.1.113730.3.1.4" id="employeeType"/> - <Attribute name="urn:oid:2.16.840.1.113730.3.1.39" id="preferredLanguage"/> - <Attribute name="urn:oid:0.9.2342.19200300.100.1.10" id="manager"/> - <Attribute name="urn:oid:2.5.4.34" id="seeAlso"/> - <Attribute name="urn:oid:2.5.4.23" id="facsimileTelephoneNumber"/> - <Attribute name="urn:oid:2.5.4.9" id="street"/> - <Attribute name="urn:oid:2.5.4.18" id="postOfficeBox"/> - <Attribute name="urn:oid:2.5.4.17" id="postalCode"/> - <Attribute name="urn:oid:2.5.4.8" id="st"/> - <Attribute name="urn:oid:2.5.4.7" id="l"/> - <Attribute name="urn:oid:2.5.4.10" id="o"/> - <Attribute name="urn:oid:2.5.4.11" id="ou"/> - <Attribute name="urn:oid:2.5.4.15" id="businessCategory"/> - <Attribute name="urn:oid:2.5.4.19" id="physicalDeliveryOfficeName"/> - - <Attribute name="urn:mace:dir:attribute-def:cn" id="cn"/> - <Attribute name="urn:mace:dir:attribute-def:sn" id="sn"/> - <Attribute name="urn:mace:dir:attribute-def:givenName" id="givenName"/> - <Attribute name="urn:mace:dir:attribute-def:displayName" id="displayName"/> - <Attribute name="urn:mace:dir:attribute-def:uid" id="uid"/> - <Attribute 
name="urn:mace:dir:attribute-def:mail" id="mail"/> - <Attribute name="urn:mace:dir:attribute-def:telephoneNumber" id="telephoneNumber"/> - <Attribute name="urn:mace:dir:attribute-def:title" id="title"/> - <Attribute name="urn:mace:dir:attribute-def:initials" id="initials"/> - <Attribute name="urn:mace:dir:attribute-def:description" id="description"/> - <Attribute name="urn:mace:dir:attribute-def:carLicense" id="carLicense"/> - <Attribute name="urn:mace:dir:attribute-def:departmentNumber" id="departmentNumber"/> - <Attribute name="urn:mace:dir:attribute-def:employeeNumber" id="employeeNumber"/> - <Attribute name="urn:mace:dir:attribute-def:employeeType" id="employeeType"/> - <Attribute name="urn:mace:dir:attribute-def:preferredLanguage" id="preferredLanguage"/> - <Attribute name="urn:mace:dir:attribute-def:manager" id="manager"/> - <Attribute name="urn:mace:dir:attribute-def:seeAlso" id="seeAlso"/> - <Attribute name="urn:mace:dir:attribute-def:facsimileTelephoneNumber" id="facsimileTelephoneNumber"/> - <Attribute name="urn:mace:dir:attribute-def:street" id="street"/> - <Attribute name="urn:mace:dir:attribute-def:postOfficeBox" id="postOfficeBox"/> - <Attribute name="urn:mace:dir:attribute-def:postalCode" id="postalCode"/> - <Attribute name="urn:mace:dir:attribute-def:st" id="st"/> - <Attribute name="urn:mace:dir:attribute-def:l" id="l"/> - <Attribute name="urn:mace:dir:attribute-def:o" id="o"/> - <Attribute name="urn:mace:dir:attribute-def:ou" id="ou"/> - <Attribute name="urn:mace:dir:attribute-def:businessCategory" id="businessCategory"/> - <Attribute name="urn:mace:dir:attribute-def:physicalDeliveryOfficeName" id="physicalDeliveryOfficeName"/> - --> - -</Attributes> diff --git a/container_files/shibboleth/native.logger b/container_files/shibboleth/native.logger deleted file mode 100644 index 0b01f32f..00000000 --- a/container_files/shibboleth/native.logger +++ /dev/null 
@@ -1,39 +0,0 @@
-# set overall behavior
-log4j.rootCategory=INFO, native_log, warn_log
-
-# fairly verbose for DEBUG, so generally leave at INFO
-log4j.category.XMLTooling.XMLObject=INFO
-log4j.category.XMLTooling.KeyInfoResolver=INFO
-log4j.category.Shibboleth.IPRange=INFO
-log4j.category.Shibboleth.PropertySet=INFO
-
-# raise for low-level tracing of SOAP client HTTP/SSL behavior
-log4j.category.XMLTooling.libcurl=INFO
-
-# useful categories to tune independently:
-#
-# tracing of SAML messages and security policies
-#log4j.category.OpenSAML.MessageDecoder=DEBUG
-#log4j.category.OpenSAML.MessageEncoder=DEBUG
-#log4j.category.OpenSAML.SecurityPolicyRule=DEBUG
-# interprocess message remoting
-#log4j.category.Shibboleth.Listener=DEBUG
-# mapping of requests to applicationId
-#log4j.category.Shibboleth.RequestMapper=DEBUG
-# high level session cache operations
-#log4j.category.Shibboleth.SessionCache=DEBUG
-# persistent storage and caching
-#log4j.category.XMLTooling.StorageService=DEBUG
-
-# define the appender
-
-log4j.appender.native_log=org.apache.log4j.FileAppender
-log4j.appender.native_log.fileName=/tmp/logpipe
-log4j.appender.native_log.layout=org.apache.log4j.PatternLayout
-log4j.appender.native_log.layout.ConversionPattern=shibd;native.log;${ENV};${USERTOKEN};%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
-
-log4j.appender.warn_log=org.apache.log4j.FileAppender
-log4j.appender.warn_log.fileName=/tmp/logpipe
-log4j.appender.warn_log.layout=org.apache.log4j.PatternLayout
-log4j.appender.warn_log.layout.ConversionPattern=shibd;native_warn.log;${ENV};${USERTOKEN};%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
-log4j.appender.warn_log.threshold=WARN
diff --git a/container_files/shibboleth/shibd.logger b/container_files/shibboleth/shibd.logger
deleted file mode 100644
index c5685b29..00000000
--- a/container_files/shibboleth/shibd.logger
+++ /dev/null
@@ -1,59 +0,0 @@
-# set overall behavior
-log4j.rootCategory=INFO, shibd_log
-
-# fairly verbose for DEBUG, so generally leave at INFO
-log4j.category.XMLTooling.XMLObject=INFO
-log4j.category.XMLTooling.KeyInfoResolver=INFO
-log4j.category.Shibboleth.IPRange=INFO
-log4j.category.Shibboleth.PropertySet=INFO
-
-# raise for low-level tracing of SOAP client HTTP/SSL behavior
-log4j.category.XMLTooling.libcurl=INFO
-
-# useful categories to tune independently:
-#
-# tracing of SAML messages and security policies
-#log4j.category.OpenSAML.MessageDecoder=DEBUG
-#log4j.category.OpenSAML.MessageEncoder=DEBUG
-#log4j.category.OpenSAML.SecurityPolicyRule=DEBUG
-#log4j.category.XMLTooling.SOAPClient=DEBUG
-# interprocess message remoting
-#log4j.category.Shibboleth.Listener=DEBUG
-# mapping of requests to applicationId
-#log4j.category.Shibboleth.RequestMapper=DEBUG
-# high level session cache operations
-#log4j.category.Shibboleth.SessionCache=DEBUG
-# persistent storage and caching
-#log4j.category.XMLTooling.StorageService=DEBUG
-
-# logs XML being signed or verified if set to DEBUG
-log4j.category.XMLTooling.Signature.Debugger=INFO, sig_log
-log4j.additivity.XMLTooling.Signature.Debugger=false
-
-# the tran log blocks the "default" appender(s) at runtime
-# Level should be left at INFO for this category
-log4j.category.Shibboleth-TRANSACTION=INFO, tran_log
-log4j.additivity.Shibboleth-TRANSACTION=false
-# uncomment to suppress particular event types
-#log4j.category.Shibboleth-TRANSACTION.AuthnRequest=WARN
-#log4j.category.Shibboleth-TRANSACTION.Login=WARN
-#log4j.category.Shibboleth-TRANSACTION.Logout=WARN
-
-# define the appenders
-
-log4j.appender.shibd_log=org.apache.log4j.FileAppender
-log4j.appender.shibd_log.fileName=/tmp/logpipe
-log4j.appender.shibd_log.maxFileSize=0
-log4j.appender.shibd_log.layout=org.apache.log4j.PatternLayout
-log4j.appender.shibd_log.layout.ConversionPattern=shibd;shibd.log;${ENV};${USERTOKEN};%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
-
-log4j.appender.tran_log=org.apache.log4j.FileAppender
-log4j.appender.tran_log.fileName=/tmp/logpipe
-log4j.appender.tran_log.maxFileSize=0
-log4j.appender.tran_log.layout=org.apache.log4j.PatternLayout
-log4j.appender.tran_log.layout.ConversionPattern=shibd;transaction.log;${ENV};${USERTOKEN};%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
-
-log4j.appender.sig_log=org.apache.log4j.FileAppender
-log4j.appender.sig_log.fileName=/tmp/logpipe
-log4j.appender.sig_log.layout=org.apache.log4j.PatternLayout
-log4j.appender.sig_log.layout.ConversionPattern=shibd;signature.log;${ENV};${USERTOKEN};%m
diff --git a/container_files/tier-support/httpd-shib.conf b/container_files/tier-support/httpd-shib.conf
deleted file mode 100644
index 134c70bd..00000000
--- a/container_files/tier-support/httpd-shib.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-<Location /grouper>
- AuthType shibboleth
- ShibRequestSetting requireSession 1
- ShibRequireSession on
- ShibUseHeaders On
- require shibboleth
-</Location>
diff --git a/container_files/tier-support/supervisord-base.conf b/container_files/tier-support/supervisord-base.conf
deleted file mode 100644
index 10768344..00000000
--- a/container_files/tier-support/supervisord-base.conf
+++ /dev/null
@@ -1,16 +0,0 @@
-[supervisord]
-logfile=/tmp/logsuperd ; supervisord log file
-logfile_maxbytes=0 ; maximum size of logfile before rotation
-loglevel=error ; info, debug, warn, trace
-nodaemon=true ; run supervisord as a daemon
-__GROUPER_RUN_PROCESSES_AS_USERS__user=root ; default user
-
-[rpcinterface:supervisor]
-supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
-
-[supervisorctl]
-serverurl=unix:///tmp/supervisor.sock ; use a unix:// URL for a unix socket
-
-; Our processes
-; writing output to stdout (1) and err (2) (for Docker logging) and disabling log rotation
-
diff --git a/container_files/tier-support/supervisord-httpd.conf b/container_files/tier-support/supervisord-httpd.conf
deleted file mode 100644
index 9e293b84..00000000
--- a/container_files/tier-support/supervisord-httpd.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-[program:httpd]
-command=httpd -DFOREGROUND
-stderr_logfile = /tmp/loghttpd
-stderr_logfile_maxbytes=0
-stdout_logfile = /tmp/loghttpd
-stdout_logfile_maxbytes=0
-
diff --git a/container_files/tier-support/supervisord-shibsp.conf b/container_files/tier-support/supervisord-shibsp.conf
deleted file mode 100644
index 8a41f175..00000000
--- a/container_files/tier-support/supervisord-shibsp.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-[program:shibbolethsp]
-__GROUPER_RUN_PROCESSES_AS_USERS__user=shibd
-command=/usr/sbin/shibd -f -F
-stderr_logfile = /tmp/logshibd
-stderr_logfile_maxbytes=0
-stdout_logfile = /tmp/logshibd
-stdout_logfile_maxbytes=0
-environment=LD_LIBRARY_PATH=/opt/shibboleth/lib64
diff --git a/container_files/tier-support/supervisord-tomcat.conf b/container_files/tier-support/supervisord-tomcat.conf
deleted file mode 100644
index fd17f0fa..00000000
--- a/container_files/tier-support/supervisord-tomcat.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-[program:tomcat]
-__GROUPER_RUN_PROCESSES_AS_USERS__user=tomcat
-command=/opt/tomcat/bin/catalina.sh run
-stderr_logfile = /tmp/logtomcat
-stderr_logfile_maxbytes=0
-stdout_logfile = /tmp/logtomcat
-stdout_logfile_maxbytes=0
-environment=UMASK=002
-
-
diff --git a/container_files/tier-support/supervisord.conf b/container_files/tier-support/supervisord.conf
deleted file mode 100644
index ecd11efe..00000000
--- a/container_files/tier-support/supervisord.conf
+++ /dev/null
@@ -1,15 +0,0 @@
-[supervisord]
-logfile=/tmp/logsuperd ; supervisord log file
-logfile_maxbytes=0 ; maximum size of logfile before rotation
-loglevel=error ; info, debug, warn, trace
-nodaemon=true ; run supervisord as a daemon
-__GROUPER_RUN_PROCESSES_AS_USERS__user=root ; default user
-
-[rpcinterface:supervisor]
-supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
-
-[supervisorctl]
-serverurl=unix:///tmp/supervisor.sock ; use a unix:// URL for a unix socket
-
-; Our processes
-; writing output to stdout (1) and err (2) (for Docker logging) and disabling log rotation
diff --git a/container_files/tier-support/test/grouperContainerUnitTestDaemon.sh b/container_files/tier-support/test/grouperContainerUnitTestDaemon.sh
index 75960991..0b1df4d8 100644
--- a/container_files/tier-support/test/grouperContainerUnitTestDaemon.sh
+++ b/container_files/tier-support/test/grouperContainerUnitTestDaemon.sh
@@ -25,20 +25,8 @@ testContainerDaemon() { assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/lib/grouper-messaging-activemq-$grouperVersion.jar" assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/libUiAndDaemon/grouper-messaging-activemq-$grouperVersion.jar" - assertFileNotContains /opt/tier-support/supervisord.conf "program:shibbolethsp" - assertFileContains /opt/tier-support/supervisord.conf "program:tomcat" - assertFileNotContains /opt/tier-support/supervisord.conf "program:httpd" - assertFileNotContains /opt/tier-support/supervisord.conf "user=shibd" - assertFileNotContains /opt/tier-support/supervisord.conf "__" - - assertFileContains /etc/httpd/conf.d/grouper-www.conf "3600" - assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "__" - assertEnvVar GROUPERWS_PROXY_PASS "#" assertEnvVar GROUPERWS_URL_CONTEXT "grouper-ws" - assertEnvVar GROUPER_APACHE_AJP_TIMEOUT_SECONDS "3600" - assertEnvVar GROUPER_APACHE_NONSSL_PORT "80" - assertEnvVar GROUPER_APACHE_SSL_PORT "443" assertEnvVar GROUPER_CHOWN_DIRS "true" assertEnvVar GROUPER_CONTAINER_VERSION "$containerVersion" assertEnvVar GROUPER_DAEMON "true" 
@@ -48,24 +36,18 @@ testContainerDaemon() { assertEnvVar GROUPER_LOG_PREFIX "grouper-daemon" assertEnvVar GROUPER_MAX_MEMORY "1500m" assertEnvVar GROUPER_PROXY_PASS "#" - assertEnvVarNot GROUPER_RUN_APACHE "true" assertEnvVar GROUPER_RUN_PROCESSES_AS_USERS "true" - assertEnvVarNot GROUPER_RUN_SHIB_SP "true" assertEnvVar GROUPER_RUN_TOMCAT "true" assertEnvVar GROUPER_TOMCAT_CONTEXT "grouper" assertEnvVar GROUPER_UI "false" assertEnvVar GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES "127.0.0.1/32" assertEnvVar GROUPER_UI_GROUPER_AUTH "false" - assertEnvVarNot GROUPER_UI_ONLY "true" assertEnvVar GROUPER_URL_CONTEXT "grouper" assertEnvVar GROUPER_USE_SSL "true" assertEnvVar GROUPER_WS "false" assertEnvVar GROUPER_WS_GROUPER_AUTH "false" assertNumberOfTomcatProcesses 1 - # bad cert apache wont start - assertNumberOfApacheProcesses 0 - assertNumberOfShibProcesses 0 assertNotListeningOnPort 443 assertNotListeningOnPort 80 diff --git a/container_files/tier-support/test/grouperContainerUnitTestLibrary.sh b/container_files/tier-support/test/grouperContainerUnitTestLibrary.sh index 29fca8e5..d5f1cac3 100644 --- a/container_files/tier-support/test/grouperContainerUnitTestLibrary.sh +++ b/container_files/tier-support/test/grouperContainerUnitTestLibrary.sh 
@@ -197,28 +197,6 @@ assertNumberOfTomcatProcesses() { assertEquals "tomcat process count" "$1" "$var" } -assertNumberOfApacheProcesses() { - if [ "$#" -ne 1 ]; then - # generally 0 or 5 processes - echo "You must enter exactly 1 arguments: the number of apache processes" - exit 1 - fi - local command="docker exec -it $containerName ps -ef | grep "^apache" | wc -l | xargs" - local var="$(runCommand "$command")" - assertEquals "apache process count" "$1" "$var" -} - -assertNumberOfShibProcesses() { - if [ "$#" -ne 1 ]; then - # generally 0 or 5 processes - echo "You must enter exactly 1 arguments: the number of shib processes" - exit 1 - fi - local command="docker exec -it $containerName ps -ef | grep "^shibd" | wc -l | xargs" - local var="$(runCommand "$command")" - assertEquals "shib process count" "$1" "$var" -} - assertEnvVar() { if [ "$#" -ne 2 ]; then echo "You must enter exactly 2 arguments: the env var name and value" @@ -251,8 +229,6 @@ grouperContainerUnitTestLibrary_unsetAll() { unset -f assertListeningOnPort unset -f assertNotEquals unset -f assertNotListeningOnPort - unset -f assertNumberOfApacheProcesses - unset -f assertNumberOfShibProcesses unset -f assertNumberOfTomcatProcesses unset -f dockerRemoveContainer unset -f dockerRemoveSubimage @@ -272,8 +248,6 @@ grouperContainerUnitTestLibrary_exportAll() { export -f assertListeningOnPort export -f assertNotEquals export -f assertNotListeningOnPort - export -f assertNumberOfApacheProcesses - export -f assertNumberOfShibProcesses export -f assertNumberOfTomcatProcesses export -f dockerRemoveContainer export -f dockerRemoveSubimage diff --git a/container_files/tier-support/test/grouperContainerUnitTestQuickstart.sh b/container_files/tier-support/test/grouperContainerUnitTestQuickstart.sh index 6b46af94..fd4afdbc 100644 --- a/container_files/tier-support/test/grouperContainerUnitTestQuickstart.sh +++ b/container_files/tier-support/test/grouperContainerUnitTestQuickstart.sh 
@@ -28,31 +28,14 @@ testContainerQuickstart() { assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/lib/grouper-messaging-activemq-$grouperVersion.jar" assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/libUiAndDaemon/grouper-messaging-activemq-$grouperVersion.jar" - assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "Listen 443 https" - assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "__" - assertFileContains /etc/httpd/conf/httpd.conf "Listen 80" - assertFileNotContains /opt/tier-support/supervisord.conf "program:shibbolethsp" - assertFileContains /opt/tier-support/supervisord.conf "program:tomcat" - assertFileContains /opt/tier-support/supervisord.conf "program:httpd" - assertFileNotContains /opt/tier-support/supervisord.conf "user=shibd" - assertFileNotContains /opt/tier-support/supervisord.conf "__" - assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf cachain.pem - assertFileContains /etc/httpd/conf.d/ssl-enabled.conf /etc/pki/tls/certs/localhost.crt - assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties grouperPasswordConfigOverride_UI_GrouperSystem_pass.elConfig assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties GROUPERSYSTEM_QUICKSTART_PASS assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml "grouper;" - assertFileContains /etc/httpd/conf.d/grouper-www.conf "3600" - assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "__" - assertEnvVar GROUPERWS_PROXY_PASS "" assertEnvVar GROUPERWS_URL_CONTEXT "grouper-ws" - assertEnvVar GROUPER_APACHE_AJP_TIMEOUT_SECONDS "3600" - assertEnvVar GROUPER_APACHE_NONSSL_PORT "80" - assertEnvVar GROUPER_APACHE_SSL_PORT "443" assertEnvVar GROUPER_CHOWN_DIRS "true" assertEnvVar GROUPER_CONTAINER_VERSION "$containerVersion" assertEnvVar GROUPER_DAEMON "true" 
@@ -62,9 +45,7 @@ testContainerQuickstart() { assertEnvVar GROUPER_LOG_PREFIX "grouper" assertEnvVar GROUPER_MAX_MEMORY "1500m" assertEnvVar GROUPER_PROXY_PASS "" - assertEnvVar GROUPER_RUN_APACHE "true" assertEnvVar GROUPER_RUN_PROCESSES_AS_USERS "true" - assertEnvVar GROUPER_RUN_SHIB_SP "false" assertEnvVar GROUPER_RUN_TOMCAT "true" assertEnvVar GROUPER_TOMCAT_CONTEXT "grouper" assertEnvVar GROUPER_UI "true" @@ -77,9 +58,6 @@ testContainerQuickstart() { assertEnvVar GROUPER_WS_GROUPER_AUTH "true" assertNumberOfTomcatProcesses 1 - # bad cert apache wont start - assertNumberOfApacheProcesses 5 - assertNumberOfShibProcesses 0 assertListeningOnPort 443 assertListeningOnPort 80 @@ -113,8 +91,6 @@ testContainerQuickstart() { sleep $globalSleepSecondsAfterRun assertNumberOfTomcatProcesses 1 - assertNumberOfApacheProcesses 5 - assertNumberOfShibProcesses 0 assertListeningOnPort 443 assertListeningOnPort 80 @@ -128,9 +104,7 @@ testContainerQuickstart() { assertLocalFileContains index.html 'end index.jsp' containerCommandResultEquals "ps -ef | grep root | grep cat | grep -v grep | wc -l" 6 - containerCommandResultEquals "ps -ef | grep root | grep awk | grep supervisord | wc -l" 1 containerCommandResultEquals "ps -ef | grep root | grep awk | grep grouper | wc -l" 1 - containerCommandResultEquals "ps -ef | grep root | grep awk | grep httpd | wc -l" 1 containerCommandResultEquals "ps -ef | grep root | grep awk | grep tomcat | wc -l" 1 docker-compose down diff --git a/container_files/tier-support/test/grouperContainerUnitTestSelfSigned.sh b/container_files/tier-support/test/grouperContainerUnitTestSelfSigned.sh index e977534c..2a707c1d 100644 --- a/container_files/tier-support/test/grouperContainerUnitTestSelfSigned.sh +++ b/container_files/tier-support/test/grouperContainerUnitTestSelfSigned.sh 
@@ -12,39 +12,20 @@ testContainerSelfSigned() { echo echo '################' echo Running container as ui with self signed cert - echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_SELF_SIGNED_CERT=true -e GROUPER_LOG_TO_HOST=true -e GROUPER_APACHE_REMOTE_IP_HEADER=myRemoteIpHeader -e GROUPER_APACHE_REMOTE_IP_TRUSTED_PROXY=10.0.2.16/28 $imageName ui" + echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_SELF_SIGNED_CERT=true -e GROUPER_LOG_TO_HOST=true -e -e =10.0.2.16/28 $imageName ui" echo '################' echo - docker run --detach --name $containerName --publish 443:443 -e GROUPER_SELF_SIGNED_CERT=true -e GROUPER_LOG_TO_HOST=true -e GROUPER_APACHE_REMOTE_IP_HEADER=myRemoteIpHeader -e GROUPER_APACHE_REMOTE_IP_TRUSTED_PROXY=10.0.2.16/28 $imageName ui + docker run --detach --name $containerName --publish 443:443 -e GROUPER_SELF_SIGNED_CERT=true -e GROUPER_LOG_TO_HOST=true $imageName ui sleep $globalSleepSecondsAfterRun - assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "SSLUseStapling on" - assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "SSLCertificateFile /etc/pki/tls/certs/localhost.crt" - assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "SSLCertificateKeyFile /etc/pki/tls/private/localhost.key" - assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "SSLCertificateChainFile" - assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "Listen 443 https" - assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "__" - assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf cachain.pem - assertFileContains /etc/httpd/conf.d/ssl-enabled.conf /etc/pki/tls/certs/localhost.crt assertEnvVar GROUPER_SSL_USE_CHAIN_FILE "false" assertEnvVar GROUPER_SSL_CERT_FILE "/etc/pki/tls/certs/localhost.crt" assertEnvVar GROUPER_SSL_KEY_FILE "/etc/pki/tls/private/localhost.key" assertEnvVar GROUPER_SSL_USE_STAPLING "true" - - assertFileContains /etc/httpd/conf.d/grouper-www.conf "ProxyPass /grouper 
ajp://localhost:8009/grouper timeout=3600" - assertFileContains /etc/httpd/conf.d/grouper-www.conf "#ProxyPass /grouper-ws ajp://localhost:8009/grouper timeout=3600" - assertFileContains /etc/httpd/conf.d/grouper-www.conf "\"/grouper/\"" - assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "__" - assertFileContains /etc/httpd/conf.d/grouper-www.conf "RemoteIPHeader myRemoteIpHeader" - assertFileContains /etc/httpd/conf.d/grouper-www.conf "RemoteIPTrustedProxy 10.0.2.16/28" - - assertEnvVar GROUPERWS_PROXY_PASS "#" assertEnvVar GROUPERWS_URL_CONTEXT "grouper-ws" - assertEnvVar GROUPER_APACHE_NONSSL_PORT "80" - assertEnvVar GROUPER_APACHE_SSL_PORT "443" assertEnvVar GROUPER_CHOWN_DIRS "true" assertEnvVar GROUPER_CONTAINER_VERSION "$containerVersion" assertEnvVar GROUPER_DAEMON "false" @@ -54,9 +35,7 @@ testContainerSelfSigned() { assertEnvVar GROUPER_LOG_PREFIX "grouper-ui" assertEnvVar GROUPER_MAX_MEMORY "1500m" assertEnvVar GROUPER_PROXY_PASS "" - assertEnvVar GROUPER_RUN_APACHE "true" assertEnvVar GROUPER_RUN_PROCESSES_AS_USERS "true" - assertEnvVar GROUPER_RUN_SHIB_SP "true" assertEnvVar GROUPER_RUN_TOMCAT "true" assertEnvVar GROUPER_SELF_SIGNED_CERT "true" assertEnvVar GROUPER_TOMCAT_CONTEXT "grouper" @@ -70,8 +49,6 @@ testContainerSelfSigned() { assertEnvVar GROUPER_WS_GROUPER_AUTH "false" assertNumberOfTomcatProcesses 1 - assertNumberOfApacheProcesses 5 - assertNumberOfShibProcesses 1 } diff --git a/container_files/tier-support/test/grouperContainerUnitTestUi.sh b/container_files/tier-support/test/grouperContainerUnitTestUi.sh index c1ac11e7..bc75c24c 100644 --- a/container_files/tier-support/test/grouperContainerUnitTestUi.sh +++ b/container_files/tier-support/test/grouperContainerUnitTestUi.sh 
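Review bot: The echoed command in the first hunk of grouperContainerUnitTestSelfSigned.sh was left half-edited: the new `echo` line prints `-e -e =10.0.2.16/28` where the two `GROUPER_APACHE_REMOTE_IP_*` options used to be, so the logged command no longer matches the `docker run` that is actually executed a few lines below it. Make the echo mirror the real invocation: `echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_SELF_SIGNED_CERT=true -e GROUPER_LOG_TO_HOST=true $imageName ui"`. Separately, with every `ssl-enabled.conf` assertion removed the test now checks only the `GROUPER_SSL_*` environment variables, so nothing visible here confirms that the self-signed certificate is actually served; if the image is still expected to terminate TLS on the published port, an `assertListeningOnPort 443` (the helper is exported by grouperContainerUnitTestLibrary.sh) would keep that covered. `testContainerSelfSigned` starts above this hunk.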
@@ -29,26 +29,6 @@ testContainerUi() { assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/lib/grouper-messaging-activemq-$grouperVersion.jar" assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/libUiAndDaemon/grouper-messaging-activemq-$grouperVersion.jar" - assertFileContains /etc/httpd/conf/httpd.conf "Listen 80" - assertFileContains /opt/tier-support/supervisord.conf "program:shibbolethsp" - assertFileContains /opt/tier-support/supervisord.conf "program:tomcat" - assertFileContains /opt/tier-support/supervisord.conf "program:httpd" - assertFileContains /opt/tier-support/supervisord.conf "user=shibd" - assertFileNotContains /opt/tier-support/supervisord.conf "__" - - assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "SSLUseStapling on" - assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "SSLCertificateChainFile /etc/pki/tls/certs/cachain.pem" - assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "SSLCertificateFile /etc/pki/tls/certs/host-cert.pem" - assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "SSLCertificateKeyFile /etc/pki/tls/private/host-key.pem" - assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "Listen 443 https" - assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "RewriteRule" - assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "#RewriteRule" - assertFileContains /etc/httpd/conf.d/grouper-www.conf "RewriteRule" - assertFileContains /etc/httpd/conf.d/grouper-www.conf "ProxyPass /status_grouper/status ajp://localhost:8009/grouper/status timeout=2401" - assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "#RewriteRule" - assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "__" - assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf cachain.pem - assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf /etc/pki/tls/certs/localhost.crt assertEnvVar GROUPER_SSL_USE_CHAIN_FILE "false" assertEnvVar GROUPER_SSL_CERT_FILE "/etc/pki/tls/certs/host-cert.pem" assertEnvVar GROUPER_SSL_KEY_FILE 
"/etc/pki/tls/private/host-key.pem" @@ -57,23 +37,12 @@ testContainerUi() { assertFileContains /opt/tomcat/conf/Catalina/localhost/grouper.xml 'cookies="true"' - assertFileNotContains /etc/httpd/conf/httpd.conf "Options Indexes" - - assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j.properties "/tmp/logpipe" assertFileContains /opt/tomcat/conf/web.xml "<session-timeout>600</session-timeout>" assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j.properties "grouper-ui;" assertFileNotContains /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties grouperPasswordConfigOverride_UI_GrouperSystem_pass.elConfig assertFileNotContains /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties thisPassIsCopyrightedDontUse - assertFileContains /etc/httpd/conf.d/grouper-www.conf "3600" - assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "__" - - assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "ServerName" - assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "UseCanonicalName On" - assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "RemoteIPHeader" - assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "RemoteIPTrustedProxy" - assertFileNotContains /opt/tomcat/conf/server.xml "AccessLogValve" assertFileContains /opt/tomcat/conf/server.xml "maxHeaderCount" @@ -82,13 +51,9 @@ testContainerUi() { assertFileContains /opt/tomcat/conf/server.xml "tomcatAuthentication" - assertEnvVarNot GROUPER_APACHE_SERVER_NAME https://a.b.c:443 assertEnvVar GROUPER_TOMCAT_LOG_ACCESS "false" assertEnvVar GROUPERWS_PROXY_PASS "#" assertEnvVar GROUPERWS_URL_CONTEXT "grouper-ws" - assertEnvVar GROUPER_APACHE_AJP_TIMEOUT_SECONDS "3600" - assertEnvVar GROUPER_APACHE_NONSSL_PORT "80" - assertEnvVar GROUPER_APACHE_SSL_PORT "443" assertEnvVar GROUPER_CHOWN_DIRS "true" assertEnvVar GROUPER_CONTAINER_VERSION "$containerVersion" assertEnvVar GROUPER_DAEMON "false" 
@@ -98,9 +63,7 @@ testContainerUi() { assertEnvVar GROUPER_LOG_PREFIX "grouper-ui" assertEnvVar GROUPER_MAX_MEMORY "1500m" assertEnvVar GROUPER_PROXY_PASS "" - assertEnvVar GROUPER_RUN_APACHE "true" assertEnvVar GROUPER_RUN_PROCESSES_AS_USERS "true" - assertEnvVar GROUPER_RUN_SHIB_SP "true" assertEnvVar GROUPER_RUN_TOMCAT "true" assertEnvVar GROUPER_TOMCAT_CONTEXT "grouper" assertEnvVar GROUPER_UI "true" @@ -113,9 +76,6 @@ testContainerUi() { assertEnvVar GROUPER_WS_GROUPER_AUTH "false" assertNumberOfTomcatProcesses 1 - # bad cert apache wont start - assertNumberOfApacheProcesses 0 - assertNumberOfShibProcesses 1 assertNotListeningOnPort 443 assertNotListeningOnPort 80 diff --git a/container_files/tier-support/test/grouperContainerUnitTestUi2.sh b/container_files/tier-support/test/grouperContainerUnitTestUi2.sh index 6bc0fdb5..cffe921b 100644 --- a/container_files/tier-support/test/grouperContainerUnitTestUi2.sh +++ b/container_files/tier-support/test/grouperContainerUnitTestUi2.sh 
@@ -12,11 +12,11 @@ testContainerUi2() { echo echo '################' echo Running container as ui - echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_TOMCAT_MAX_HEADER_COUNT=1235 -e GROUPER_SSL_USE_STAPLING=false -e GROUPER_SSL_CERT_FILE=/a/b/cert -e GROUPER_SSL_KEY_FILE=/a/b/key -e GROUPER_SSL_CHAIN_FILE=/a/b/chain -e GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER=false -e GROUPER_APACHE_STATUS_PATH=none $imageName ui" + echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_TOMCAT_MAX_HEADER_COUNT=1235 -e GROUPER_SSL_USE_STAPLING=false -e GROUPER_SSL_CERT_FILE=/a/b/cert -e GROUPER_SSL_KEY_FILE=/a/b/key -e GROUPER_SSL_CHAIN_FILE=/a/b/chain -e GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER=false $imageName ui" echo '################' echo - docker run --detach --name $containerName --publish 443:443 -e GROUPER_TOMCAT_MAX_HEADER_COUNT=1235 -e GROUPER_SSL_USE_STAPLING=false -e GROUPER_SSL_CERT_FILE=/a/b/cert -e GROUPER_SSL_KEY_FILE=/a/b/key -e GROUPER_SSL_CHAIN_FILE=/a/b/chain -e GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER=false -e GROUPER_APACHE_STATUS_PATH=none $imageName ui + docker run --detach --name $containerName --publish 443:443 -e GROUPER_TOMCAT_MAX_HEADER_COUNT=1235 -e GROUPER_SSL_USE_STAPLING=false -e GROUPER_SSL_CERT_FILE=/a/b/cert -e GROUPER_SSL_KEY_FILE=/a/b/key -e GROUPER_SSL_CHAIN_FILE=/a/b/chain -e GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER=false $imageName ui sleep $globalSleepSecondsAfterRun 
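Review bot: GROUPER_SSL_CERT_FILE, GROUPER_SSL_KEY_FILE, GROUPER_SSL_CHAIN_FILE and GROUPER_SSL_USE_STAPLING are still passed on the new `docker run` line, but the next hunk of this file removes every assertion on ssl-enabled.conf and keeps only the `assertEnvVar` checks. The test therefore confirms that the variables are set in the container, not that any TLS configuration uses the certificate, key or chain paths. Either drop the variables from the run command or assert on whichever file consumes them now. Until that is decided, a marker above the run command such as `# TODO: GROUPER_SSL_* are only checked as env vars since the httpd removal` would keep the gap visible. testContainerUi2 starts before this hunk and continues after it.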
@@ -29,28 +29,9 @@ testContainerUi2() { assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/lib/grouper-messaging-activemq-$grouperVersion.jar" assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/libUiAndDaemon/grouper-messaging-activemq-$grouperVersion.jar" - assertFileContains /etc/httpd/conf/httpd.conf "Listen 80" - assertFileContains /opt/tier-support/supervisord.conf "program:shibbolethsp" - assertFileContains /opt/tier-support/supervisord.conf "program:tomcat" - assertFileContains /opt/tier-support/supervisord.conf "program:httpd" - assertFileContains /opt/tier-support/supervisord.conf "user=shibd" - assertFileNotContains /opt/tier-support/supervisord.conf "__" - assertFileContains /opt/tomcat/conf/server.xml "maxHeaderCount" assertFileContains /opt/tomcat/conf/server.xml "1235" - assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "SSLUseStapling off" - assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "SSLCertificateFile /a/b/cert" - assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "SSLCertificateKeyFile /a/b/key" - assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "SSLCertificateChainFile /a/b/chain" - assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "Listen 443 https" - assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "#RewriteRule" - assertFileContains /etc/httpd/conf.d/grouper-www.conf "#RewriteRule" - assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "grouper/status" - - assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "__" - assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf cachain.pem - assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf /etc/pki/tls/certs/localhost.crt assertEnvVar GROUPER_SSL_USE_CHAIN_FILE "true" assertEnvVar GROUPER_SSL_CERT_FILE "/a/b/cert" assertEnvVar GROUPER_SSL_KEY_FILE "/a/b/key" 
@@ -58,9 +39,6 @@ testContainerUi2() { assertEnvVar GROUPER_SSL_USE_STAPLING "false" assertNumberOfTomcatProcesses 1 - # bad cert apache wont start - assertNumberOfApacheProcesses 0 - assertNumberOfShibProcesses 1 assertNotListeningOnPort 443 assertNotListeningOnPort 80 diff --git a/container_files/tier-support/test/grouperContainerUnitTestUiDifferentPorts.sh b/container_files/tier-support/test/grouperContainerUnitTestUiDifferentPorts.sh index 9857d002..fc0249d0 100644 --- a/container_files/tier-support/test/grouperContainerUnitTestUiDifferentPorts.sh +++ b/container_files/tier-support/test/grouperContainerUnitTestUiDifferentPorts.sh 
@@ -12,36 +12,18 @@ testContainerUiDifferentPorts() { echo echo '################' echo Running container as ui with self signed cert with different ports - echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_APACHE_AJP_TIMEOUT_SECONDS=2999 -e GROUPER_SELF_SIGNED_CERT=true -e GROUPER_APACHE_SSL_PORT=444 -e GROUPER_APACHE_NONSSL_PORT=81 -e GROUPER_TOMCAT_HTTP_PORT=8600 -e GROUPER_TOMCAT_AJP_PORT=8601 -e GROUPER_TOMCAT_SHUTDOWN_PORT=8602 -e GROUPER_APACHE_STATUS_PATH=/status2_grouper/status $imageName ui" + echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_SELF_SIGNED_CERT=true -e GROUPER_TOMCAT_HTTP_PORT=8600 -e GROUPER_TOMCAT_AJP_PORT=8601 -e GROUPER_TOMCAT_SHUTDOWN_PORT=8602 $imageName ui" echo '################' echo - docker run --detach --name $containerName --publish 443:443 -e GROUPER_APACHE_AJP_TIMEOUT_SECONDS=2999 -e GROUPER_SELF_SIGNED_CERT=true -e GROUPER_APACHE_SSL_PORT=444 -e GROUPER_APACHE_NONSSL_PORT=81 -e GROUPER_TOMCAT_HTTP_PORT=8600 -e GROUPER_TOMCAT_AJP_PORT=8601 -e GROUPER_TOMCAT_SHUTDOWN_PORT=8602 -e GROUPER_APACHE_STATUS_PATH=/status2_grouper/status $imageName ui + docker run --detach --name $containerName --publish 443:443 -e GROUPER_SELF_SIGNED_CERT=true -e GROUPER_TOMCAT_HTTP_PORT=8600 -e GROUPER_TOMCAT_AJP_PORT=8601 -e GROUPER_TOMCAT_SHUTDOWN_PORT=8602 $imageName ui sleep $globalSleepSecondsAfterRun - assertEnvVar GROUPER_APACHE_NONSSL_PORT "81" - assertEnvVar GROUPER_APACHE_SSL_PORT "444" - assertEnvVar GROUPER_APACHE_AJP_TIMEOUT_SECONDS "2999" - assertEnvVar GROUPER_TOMCAT_HTTP_PORT "8600" assertEnvVar GROUPER_TOMCAT_AJP_PORT "8601" assertEnvVar GROUPER_TOMCAT_SHUTDOWN_PORT "8602" - assertFileContains /etc/httpd/conf.d/grouper-www.conf "2999" - assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "3600" - assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "2400" - assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "__" - assertFileContains 
/etc/httpd/conf.d/grouper-www.conf "ProxyPass /status2_grouper/status ajp://localhost:8601/grouper/status timeout=2401" - assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "Listen 443 https" - assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "Listen 444 https" - assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "__" - assertFileNotContains /etc/httpd/conf/httpd.conf "Listen 80" - assertFileContains /etc/httpd/conf/httpd.conf "Listen 81" - assertNumberOfTomcatProcesses 1 - # bad cert apache wont start - assertNumberOfApacheProcesses 5 - assertNumberOfShibProcesses 1 assertListeningOnPort 444 assertListeningOnPort 81 diff --git a/container_files/tier-support/test/grouperContainerUnitTestUiNoSsl.sh b/container_files/tier-support/test/grouperContainerUnitTestUiNoSsl.sh index 4aa5a635..6ebffefa 100644 --- a/container_files/tier-support/test/grouperContainerUnitTestUiNoSsl.sh +++ b/container_files/tier-support/test/grouperContainerUnitTestUiNoSsl.sh 
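Review bot: The trailing `assertListeningOnPort 444` and `assertListeningOnPort 81` are kept, but the new `docker run` line no longer passes GROUPER_APACHE_SSL_PORT=444 or GROUPER_APACHE_NONSSL_PORT=81 and the httpd assertions are gone, so nothing visible in the test configures those ports any more. The test should assert the ports it actually sets, for example `assertListeningOnPort 8600` for GROUPER_TOMCAT_HTTP_PORT and `assertListeningOnPort 8601` for the AJP port, and `--publish 443:443` should name the port that is really served. The same leftover applies to `assertListeningOnPort 80` in testContainerUiNoSsl and testContainerUiNoSslOrClient, and to `assertListeningOnPort 443` and `80` in testContainerWs and testContainerWsAuthn, unless Tomcat is meant to bind those ports itself, which is not visible here.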
@@ -12,30 +12,13 @@ testContainerUiNoSsl() { echo echo '################' echo Running container as ui without SSL with SSL client - echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_TOMCAT_MAX_HEADER_COUNT=-1 -e GROUPER_USE_SSL=false -e GROUPER_TOMCAT_LOG_ACCESS=true -e GROUPER_APACHE_DIRECTORY_INDEXES=true -e GROUPER_TOMCAT_SESSION_TIMEOUT_MINUTES=30 $imageName ui" + echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_TOMCAT_MAX_HEADER_COUNT=-1 -e GROUPER_USE_SSL=false -e GROUPER_TOMCAT_LOG_ACCESS=true -e GROUPER_TOMCAT_SESSION_TIMEOUT_MINUTES=30 $imageName ui" echo '################' echo - docker run --detach --name $containerName --publish 443:443 -e GROUPER_TOMCAT_MAX_HEADER_COUNT=-1 -e GROUPER_USE_SSL=false -e GROUPER_TOMCAT_LOG_ACCESS=true -e GROUPER_APACHE_DIRECTORY_INDEXES=true -e GROUPER_TOMCAT_SESSION_TIMEOUT_MINUTES=30 $imageName ui + docker run --detach --name $containerName --publish 443:443 -e GROUPER_TOMCAT_MAX_HEADER_COUNT=-1 -e GROUPER_USE_SSL=false -e GROUPER_TOMCAT_LOG_ACCESS=true -e GROUPER_TOMCAT_SESSION_TIMEOUT_MINUTES=30 $imageName ui sleep $globalSleepSecondsAfterRun - assertFileExists /etc/httpd/conf.d/ssl-enabled.conf.dontuse - assertFileExists /etc/httpd/conf.d/ssl.conf.dontuse - assertFileNotExists /etc/httpd/conf.d/ssl-enabled.conf - assertFileNotExists /etc/httpd/conf.d/ssl.conf - - assertFileContains /etc/httpd/conf/httpd.conf "Options Indexes" - - assertFileContains /etc/httpd/conf/httpd.conf "Listen 80" - assertFileContains /opt/tier-support/supervisord.conf "program:shibbolethsp" - assertFileContains /opt/tier-support/supervisord.conf "program:tomcat" - assertFileContains /opt/tier-support/supervisord.conf "program:httpd" - assertFileContains /opt/tier-support/supervisord.conf "user=shibd" - assertFileNotContains /opt/tier-support/supervisord.conf "__" - assertFileContains /opt/tomcat/conf/server.xml "AccessLogValve" - assertFileContains /opt/tomcat/conf/server.xml 
'secure="true"' - assertFileContains /opt/tomcat/conf/server.xml 'scheme="https"' - assertFileNotContains /opt/tomcat/conf/server.xml 'scheme="http"' assertFileContains /opt/tomcat/conf/web.xml "<session-timeout>30</session-timeout>" assertFileNotContains /opt/tomcat/conf/server.xml "maxHeaderCount" @@ -43,8 +26,6 @@ testContainerUiNoSsl() { assertEnvVar GROUPER_TOMCAT_LOG_ACCESS "true" assertEnvVar GROUPERWS_PROXY_PASS "#" assertEnvVar GROUPERWS_URL_CONTEXT "grouper-ws" - assertEnvVar GROUPER_APACHE_NONSSL_PORT "80" - assertEnvVar GROUPER_APACHE_SSL_PORT "443" assertEnvVar GROUPER_CHOWN_DIRS "true" assertEnvVar GROUPER_CONTAINER_VERSION "$containerVersion" assertEnvVar GROUPER_DAEMON "false" @@ -54,9 +35,7 @@ testContainerUiNoSsl() { assertEnvVar GROUPER_LOG_PREFIX "grouper-ui" assertEnvVar GROUPER_MAX_MEMORY "1500m" assertEnvVar GROUPER_PROXY_PASS "" - assertEnvVar GROUPER_RUN_APACHE "true" assertEnvVar GROUPER_RUN_PROCESSES_AS_USERS "true" - assertEnvVar GROUPER_RUN_SHIB_SP "true" assertEnvVar GROUPER_RUN_TOMCAT "true" assertEnvVar GROUPER_TOMCAT_CONTEXT "grouper" assertEnvVar GROUPER_UI "true" @@ -70,8 +49,6 @@ testContainerUiNoSsl() { assertEnvVar GROUPER_WEBCLIENT_IS_SSL "true" assertNumberOfTomcatProcesses 1 - assertNumberOfApacheProcesses 5 - assertNumberOfShibProcesses 1 assertNotListeningOnPort 443 assertListeningOnPort 80 diff --git a/container_files/tier-support/test/grouperContainerUnitTestUiNoSslOrClient.sh b/container_files/tier-support/test/grouperContainerUnitTestUiNoSslOrClient.sh index 5e397897..9ab005c1 100644 --- a/container_files/tier-support/test/grouperContainerUnitTestUiNoSslOrClient.sh +++ b/container_files/tier-support/test/grouperContainerUnitTestUiNoSslOrClient.sh 
@@ -19,11 +19,6 @@ testContainerUiNoSslOrClient() { docker run --detach --name $containerName --publish 443:443 -e GROUPER_USE_SSL=false -e GROUPER_WEBCLIENT_IS_SSL=false $imageName ui sleep $globalSleepSecondsAfterRun - assertFileExists /etc/httpd/conf.d/ssl-enabled.conf.dontuse - assertFileExists /etc/httpd/conf.d/ssl.conf.dontuse - assertFileNotExists /etc/httpd/conf.d/ssl-enabled.conf - assertFileNotExists /etc/httpd/conf.d/ssl.conf - assertFileNotContains /opt/tomcat/conf/server.xml 'secure="true"' assertFileNotContains /opt/tomcat/conf/server.xml 'scheme="https"' assertFileContains /opt/tomcat/conf/server.xml 'scheme="http"' @@ -32,10 +27,6 @@ testContainerUiNoSslOrClient() { assertEnvVar GROUPER_WEBCLIENT_IS_SSL "false" - assertNumberOfTomcatProcesses 1 - assertNumberOfApacheProcesses 5 - assertNumberOfShibProcesses 1 - assertNotListeningOnPort 443 assertListeningOnPort 80 assertListeningOnPort 8009 diff --git a/container_files/tier-support/test/grouperContainerUnitTestUiSubimage.sh b/container_files/tier-support/test/grouperContainerUnitTestUiSubimage.sh index c0572ce7..7c4355d4 100644 --- a/container_files/tier-support/test/grouperContainerUnitTestUiSubimage.sh +++ b/container_files/tier-support/test/grouperContainerUnitTestUiSubimage.sh 
@@ -39,31 +39,13 @@ testContainerUiSubimage() { assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/lib/grouper-messaging-activemq-$grouperVersion.jar" assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/libUiAndDaemon/grouper-messaging-activemq-$grouperVersion.jar" - assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "Listen 443 https" - assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "__" - assertFileContains /etc/httpd/conf/httpd.conf "Listen 80" - assertFileContains /opt/tier-support/supervisord.conf "program:shibbolethsp" - assertFileContains /opt/tier-support/supervisord.conf "program:tomcat" - assertFileContains /opt/tier-support/supervisord.conf "program:httpd" - assertFileContains /opt/tier-support/supervisord.conf "user=shibd" - assertFileNotContains /opt/tier-support/supervisord.conf "__" - assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf cachain.pem - assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf /etc/pki/tls/certs/localhost.crt - - assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j.properties "/tmp/logpipe" assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j.properties "grouper-ui;" assertFileNotContains /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties grouperPasswordConfigOverride_UI_GrouperSystem_pass.elConfig assertFileNotContains /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties thisPassIsCopyrightedDontUse - assertFileContains /etc/httpd/conf.d/grouper-www.conf "3600" - assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "__" - assertEnvVar GROUPERWS_PROXY_PASS "#" assertEnvVar GROUPERWS_URL_CONTEXT "grouper-ws" - assertEnvVar GROUPER_APACHE_AJP_TIMEOUT_SECONDS "3600" - assertEnvVar GROUPER_APACHE_NONSSL_PORT "80" - assertEnvVar GROUPER_APACHE_SSL_PORT "443" assertEnvVar GROUPER_CHOWN_DIRS "true" assertEnvVar GROUPER_CONTAINER_VERSION "$containerVersion" assertEnvVar GROUPER_DAEMON "false" 
@@ -73,9 +55,7 @@ testContainerUiSubimage() { assertEnvVar GROUPER_LOG_PREFIX "grouper-ui" assertEnvVar GROUPER_MAX_MEMORY "1500m" assertEnvVar GROUPER_PROXY_PASS "" - assertEnvVar GROUPER_RUN_APACHE "true" assertEnvVar GROUPER_RUN_PROCESSES_AS_USERS "true" - assertEnvVar GROUPER_RUN_SHIB_SP "true" assertEnvVar GROUPER_RUN_TOMCAT "true" assertEnvVar GROUPER_TOMCAT_CONTEXT "grouper" assertEnvVar GROUPER_UI "true" @@ -88,9 +68,6 @@ testContainerUiSubimage() { assertEnvVar GROUPER_WS_GROUPER_AUTH "false" assertNumberOfTomcatProcesses 1 - # bad cert apache wont start - assertNumberOfApacheProcesses 0 - assertNumberOfShibProcesses 1 assertNotListeningOnPort 443 assertNotListeningOnPort 80 diff --git a/container_files/tier-support/test/grouperContainerUnitTestUiSubimageNonroot.sh b/container_files/tier-support/test/grouperContainerUnitTestUiSubimageNonroot.sh index cfa2327b..88925c26 100644 --- a/container_files/tier-support/test/grouperContainerUnitTestUiSubimageNonroot.sh +++ b/container_files/tier-support/test/grouperContainerUnitTestUiSubimageNonroot.sh @@ -25,13 +25,13 @@ testContainerUiSubimageNonroot() { echo cat DockerFile cat Dockerfile echo "docker build -t $subimageId ." - echo "docker run --detach --name $containerName -u $myId -e GROUPER_RUN_TOMCAT_NOT_SUPERVISOR=true --publish 8080:8080 $subimageId ui" + echo "docker run --detach --name $containerName -u $myId --publish 8080:8080 $subimageId ui" echo '################' echo docker build -t "$subimageId" . - docker run --detach --name $containerName -u $myId -e GROUPER_RUN_TOMCAT_NOT_SUPERVISOR=true --publish 8080:8080 $subimageId ui + docker run --detach --name $containerName -u $myId --publish 8080:8080 $subimageId ui sleep $globalSleepSecondsAfterRun assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libWs/axis2-kernel-1.6.4.jar 
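Review bot: After this change testContainerUiSubimageNonroot has no positive check that anything runs under `-u $myId`. `assertNumberOfTomcatProcesses` is commented out, the Apache and Shibboleth counts are removed in a later hunk, and the remaining `assertNotListeningOnPort 443` and `80` also pass if the container exited at start. Since 8080 is published on the new run line, an `assertListeningOnPort 8080` (if Tomcat is expected to come up without a database) or a check that the container is still running would make the non-root path actually tested. Assertions outside the visible hunks may already cover this.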
@@ -40,7 +40,6 @@ testContainerUiSubimageNonroot() { assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/lib/grouper-messaging-activemq-$grouperVersion.jar" assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/libUiAndDaemon/grouper-messaging-activemq-$grouperVersion.jar" - assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml "/tmp/logpipe" assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml "grouper-ui;" assertFileNotContains /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties grouperPasswordConfigOverride_UI_GrouperSystem_pass.elConfig @@ -48,9 +47,6 @@ testContainerUiSubimageNonroot() { assertEnvVar GROUPERWS_PROXY_PASS "#" assertEnvVar GROUPERWS_URL_CONTEXT "grouper-ws" - assertEnvVar GROUPER_APACHE_AJP_TIMEOUT_SECONDS "3600" - assertEnvVar GROUPER_APACHE_NONSSL_PORT "80" - assertEnvVar GROUPER_APACHE_SSL_PORT "443" assertEnvVarNot GROUPER_CHOWN_DIRS "true" assertEnvVar GROUPER_CONTAINER_VERSION "$containerVersion" assertEnvVar GROUPER_DAEMON "false" @@ -60,9 +56,7 @@ testContainerUiSubimageNonroot() { assertEnvVar GROUPER_LOG_PREFIX "grouper-ui" assertEnvVar GROUPER_MAX_MEMORY "1500m" assertEnvVar GROUPER_PROXY_PASS "" - assertEnvVarNot GROUPER_RUN_APACHE "true" assertEnvVar GROUPER_RUN_PROCESSES_AS_USERS "true" - assertEnvVarNot GROUPER_RUN_SHIB_SP "true" assertEnvVar GROUPER_RUN_TOMCAT "true" assertEnvVar GROUPER_TOMCAT_CONTEXT "grouper" assertEnvVar GROUPER_UI "true" @@ -76,9 +70,6 @@ testContainerUiSubimageNonroot() { #tomcat doesnt like no database there #assertNumberOfTomcatProcesses 13 - # bad cert apache wont start - assertNumberOfApacheProcesses 0 - assertNumberOfShibProcesses 0 assertNotListeningOnPort 443 assertNotListeningOnPort 80 diff --git a/container_files/tier-support/test/grouperContainerUnitTestWs.sh b/container_files/tier-support/test/grouperContainerUnitTestWs.sh index a82d8e84..3afd3eac 100644 --- a/container_files/tier-support/test/grouperContainerUnitTestWs.sh 
+++ b/container_files/tier-support/test/grouperContainerUnitTestWs.sh @@ -12,11 +12,11 @@ testContainerWs() { echo echo '################' echo Running container as ws - echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_SELF_SIGNED_CERT=true -e GROUPER_APACHE_SERVER_NAME=https://a.b.c:443 $imageName ws" + echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_SELF_SIGNED_CERT=true $imageName ws" echo '################' echo - docker run --detach --name $containerName --publish 443:443 -e GROUPER_SELF_SIGNED_CERT=true -e GROUPER_APACHE_SERVER_NAME=https://a.b.c:443 $imageName ws + docker run --detach --name $containerName --publish 443:443 -e GROUPER_SELF_SIGNED_CERT=true $imageName ws sleep $globalSleepSecondsAfterRun assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libWs/axis2-kernel-1.6.4.jar 
@@ -29,34 +29,13 @@ testContainerWs() { assertFileNotContains /opt/tomcat/conf/server.xml 'tomcatAuthentication="true"' assertFileContains /opt/tomcat/conf/server.xml 'tomcatAuthentication="false"' - assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "Listen 443 https" - assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "__" - assertFileContains /etc/httpd/conf/httpd.conf "Listen 80" - assertFileNotContains /opt/tier-support/supervisord.conf "program:shibbolethsp" - assertFileContains /opt/tier-support/supervisord.conf "program:tomcat" - assertFileContains /opt/tier-support/supervisord.conf "program:httpd" - assertFileNotContains /opt/tier-support/supervisord.conf "user=shibd" - assertFileNotContains /opt/tier-support/supervisord.conf "__" - assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf cachain.pem - assertFileContains /etc/httpd/conf.d/ssl-enabled.conf /etc/pki/tls/certs/localhost.crt - assertFileContains /opt/tomcat/conf/Catalina/localhost/grouper-ws.xml 'cookies="false"' assertFileContains /opt/tomcat/conf/web.xml "<session-timeout>1</session-timeout>" assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml "grouper-ws;" - assertFileContains /etc/httpd/conf.d/grouper-www.conf "3600" - assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "__" - - assertFileContains /etc/httpd/conf.d/grouper-www.conf "ServerName https://a.b.c:443" - assertFileContains /etc/httpd/conf.d/grouper-www.conf "UseCanonicalName On" - - assertEnvVar GROUPER_APACHE_SERVER_NAME https://a.b.c:443 assertEnvVar GROUPERWS_PROXY_PASS "" assertEnvVar GROUPERWS_URL_CONTEXT "grouper-ws" - assertEnvVar GROUPER_APACHE_AJP_TIMEOUT_SECONDS "3600" - assertEnvVar GROUPER_APACHE_NONSSL_PORT "80" - assertEnvVar GROUPER_APACHE_SSL_PORT "443" assertEnvVar GROUPER_CHOWN_DIRS "true" assertEnvVar GROUPER_CONTAINER_VERSION "$containerVersion" assertEnvVar GROUPER_DAEMON "false" 
@@ -66,9 +45,7 @@ testContainerWs() { assertEnvVar GROUPER_LOG_PREFIX "grouper-ws" assertEnvVar GROUPER_MAX_MEMORY "1500m" assertEnvVar GROUPER_PROXY_PASS "#" - assertEnvVar GROUPER_RUN_APACHE "true" assertEnvVar GROUPER_RUN_PROCESSES_AS_USERS "true" - assertEnvVarNot GROUPER_RUN_SHIB_SP "true" assertEnvVar GROUPER_RUN_TOMCAT "true" assertEnvVar GROUPER_TOMCAT_CONTEXT "grouper-ws" assertEnvVar GROUPER_UI "false" @@ -82,8 +59,6 @@ testContainerWs() { assertEnvVar GROUPER_WS_ONLY "true" assertNumberOfTomcatProcesses 1 - assertNumberOfApacheProcesses 5 - assertNumberOfShibProcesses 0 assertListeningOnPort 443 assertListeningOnPort 80 diff --git a/container_files/tier-support/test/grouperContainerUnitTestWsAuthn.sh b/container_files/tier-support/test/grouperContainerUnitTestWsAuthn.sh index 3834ad6e..5d820422 100644 --- a/container_files/tier-support/test/grouperContainerUnitTestWsAuthn.sh +++ b/container_files/tier-support/test/grouperContainerUnitTestWsAuthn.sh @@ -12,11 +12,11 @@ testContainerWsAuthn() { echo echo '################' echo Running container as ws with tomcat authn - echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_SELF_SIGNED_CERT=true -e GROUPER_APACHE_SERVER_NAME=https://a.b.c:443 -e GROUPER_WS_TOMCAT_AUTHN=true $imageName ws" + echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_SELF_SIGNED_CERT=true -e GROUPER_WS_TOMCAT_AUTHN=true $imageName ws" echo '################' echo - docker run --detach --name $containerName --publish 443:443 -e GROUPER_SELF_SIGNED_CERT=true -e GROUPER_APACHE_SERVER_NAME=https://a.b.c:443 -e GROUPER_WS_TOMCAT_AUTHN=true $imageName ws + docker run --detach --name $containerName --publish 443:443 -e GROUPER_SELF_SIGNED_CERT=true -e GROUPER_WS_TOMCAT_AUTHN=true $imageName ws sleep $globalSleepSecondsAfterRun assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libWs/axis2-kernel-1.6.4.jar 
@@ -29,34 +29,13 @@ testContainerWsAuthn() { assertFileContains /opt/tomcat/conf/server.xml 'tomcatAuthentication="true"' assertFileNotContains /opt/tomcat/conf/server.xml 'tomcatAuthentication="false"' - assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "Listen 443 https" - assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "__" - assertFileContains /etc/httpd/conf/httpd.conf "Listen 80" - assertFileNotContains /opt/tier-support/supervisord.conf "program:shibbolethsp" - assertFileContains /opt/tier-support/supervisord.conf "program:tomcat" - assertFileContains /opt/tier-support/supervisord.conf "program:httpd" - assertFileNotContains /opt/tier-support/supervisord.conf "user=shibd" - assertFileNotContains /opt/tier-support/supervisord.conf "__" - assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf cachain.pem - assertFileContains /etc/httpd/conf.d/ssl-enabled.conf /etc/pki/tls/certs/localhost.crt - assertFileContains /opt/tomcat/conf/Catalina/localhost/grouper-ws.xml 'cookies="false"' assertFileContains /opt/tomcat/conf/web.xml "<session-timeout>1</session-timeout>" assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml "grouper-ws;" - assertFileContains /etc/httpd/conf.d/grouper-www.conf "3600" - assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "__" - - assertFileContains /etc/httpd/conf.d/grouper-www.conf "ServerName https://a.b.c:443" - assertFileContains /etc/httpd/conf.d/grouper-www.conf "UseCanonicalName On" - - assertEnvVar GROUPER_APACHE_SERVER_NAME https://a.b.c:443 assertEnvVar GROUPERWS_PROXY_PASS "" assertEnvVar GROUPERWS_URL_CONTEXT "grouper-ws" - assertEnvVar GROUPER_APACHE_AJP_TIMEOUT_SECONDS "3600" - assertEnvVar GROUPER_APACHE_NONSSL_PORT "80" - assertEnvVar GROUPER_APACHE_SSL_PORT "443" assertEnvVar GROUPER_CHOWN_DIRS "true" assertEnvVar GROUPER_CONTAINER_VERSION "$containerVersion" assertEnvVar GROUPER_DAEMON "false" 
@@ -66,9 +45,7 @@ testContainerWsAuthn() { assertEnvVar GROUPER_LOG_PREFIX "grouper-ws" assertEnvVar GROUPER_MAX_MEMORY "1500m" assertEnvVar GROUPER_PROXY_PASS "#" - assertEnvVar GROUPER_RUN_APACHE "true" assertEnvVar GROUPER_RUN_PROCESSES_AS_USERS "true" - assertEnvVarNot GROUPER_RUN_SHIB_SP "true" assertEnvVar GROUPER_RUN_TOMCAT "true" assertEnvVar GROUPER_TOMCAT_CONTEXT "grouper-ws" assertEnvVar GROUPER_UI "false" @@ -82,8 +59,6 @@ testContainerWsAuthn() { assertEnvVar GROUPER_WS_ONLY "true" assertNumberOfTomcatProcesses 1 - assertNumberOfApacheProcesses 5 - assertNumberOfShibProcesses 0 assertListeningOnPort 443 assertListeningOnPort 80 diff --git a/container_files/tier-support/test/rebuildTestContainer.sh b/container_files/tier-support/test/rebuildTestContainer.sh index c458f47b..89d6e33d 100644 --- a/container_files/tier-support/test/rebuildTestContainer.sh +++ b/container_files/tier-support/test/rebuildTestContainer.sh @@ -18,12 +18,6 @@ cd $reldir mkdir -p slashRoot/usr/local/bin rsync -avzpl $grouperContainerGitPath/container_files/usr-local-bin/* slashRoot/usr/local/bin -mkdir -p slashRoot/etc/httpd/conf.d -rsync -avzpl $grouperContainerGitPath/container_files/httpd/* slashRoot/etc/httpd/conf.d - -mkdir -p slashRoot/opt/tier-support/originalFiles -rsync -avzpl $grouperContainerGitPath/container_files/httpd/ssl-enabled.conf slashRoot/opt/tier-support/originalFiles - rsync -avzpl $grouperContainerGitPath/container_files/tier-support/test/grouper*.sh $reldir #mkdir -p slashRoot/opt/tomcat/conf diff --git a/container_files/tomcat/conf/server.xml.loggingpipe b/container_files/tomcat/conf/server.xml.loggingpipe deleted file mode 100644 index d223fe2f..00000000 --- a/container_files/tomcat/conf/server.xml.loggingpipe +++ /dev/null 
@@ -1,165 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- - Licensed to the Apache Software Foundation (ASF) under one or more - contributor license agreements. See the NOTICE file distributed with - this work for additional information regarding copyright ownership. - The ASF licenses this file to You under the Apache License, Version 2.0 - (the "License"); you may not use this file except in compliance with - the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. ---> -<!-- Note: A "Server" is not itself a "Container", so you may not - define subcomponents such as "Valves" at this level. - Documentation at /docs/config/server.html - --> -<Server port="8005" shutdown="SHUTDOWN"> - <Listener className="org.apache.catalina.startup.VersionLoggerListener" /> - <!-- Security listener. Documentation at /docs/config/listeners.html - <Listener className="org.apache.catalina.security.SecurityListener" /> - --> - <!-- APR library loader. 
Documentation at /docs/apr.html --> - <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> - <!-- Prevent memory leaks due to use of particular java/javax APIs--> - <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" /> - <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" /> - <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" /> - - <!-- Global JNDI resources - Documentation at /docs/jndi-resources-howto.html - --> - <GlobalNamingResources> - <!-- Editable user database that can also be used by - UserDatabaseRealm to authenticate users - --> - <Resource name="UserDatabase" auth="Container" - type="org.apache.catalina.UserDatabase" - description="User database that can be updated and saved" - factory="org.apache.catalina.users.MemoryUserDatabaseFactory" - pathname="conf/tomcat-users.xml" /> - </GlobalNamingResources> - - <!-- A "Service" is a collection of one or more "Connectors" that share - a single "Container" Note: A "Service" is not itself a "Container", - so you may not define subcomponents such as "Valves" at this level. - Documentation at /docs/config/service.html - --> - <Service name="Catalina"> - - <!--The connectors can use a shared executor, you can define one or more named thread pools--> - <!-- - <Executor name="tomcatThreadPool" namePrefix="catalina-exec-" - maxThreads="150" minSpareThreads="4"/> - --> - - - <!-- A "Connector" represents an endpoint by which requests are received - and responses are returned. 
Documentation at : - Java HTTP Connector: /docs/config/http.html - Java AJP Connector: /docs/config/ajp.html - APR (HTTP/AJP) Connector: /docs/apr.html - Define a non-SSL/TLS HTTP/1.1 Connector on port 8080 - --> - <Connector port="8080" protocol="HTTP/1.1" - connectionTimeout="20000" - redirectPort="8443" /> - <!-- A "Connector" using the shared thread pool--> - <!-- - <Connector executor="tomcatThreadPool" - port="8080" protocol="HTTP/1.1" - connectionTimeout="20000" - redirectPort="8443" /> - --> - <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 - This connector uses the NIO implementation. The default - SSLImplementation will depend on the presence of the APR/native - library and the useOpenSSL attribute of the AprLifecycleListener. - Either JSSE or OpenSSL style configuration may be used regardless of - the SSLImplementation selected. JSSE style configuration is used below. - --> - <!-- - <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" - maxThreads="150" SSLEnabled="true"> - <SSLHostConfig> - <Certificate certificateKeystoreFile="conf/localhost-rsa.jks" - type="RSA" /> - </SSLHostConfig> - </Connector> - --> - <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2 - This connector uses the APR/native implementation which always uses - OpenSSL for TLS. - Either JSSE or OpenSSL style configuration may be used. OpenSSL style - configuration is used below. 
- --> - <!-- - <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol" - maxThreads="150" SSLEnabled="true" > - <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" /> - <SSLHostConfig> - <Certificate certificateKeyFile="conf/localhost-rsa-key.pem" - certificateFile="conf/localhost-rsa-cert.pem" - certificateChainFile="conf/localhost-rsa-chain.pem" - type="RSA" /> - </SSLHostConfig> - </Connector> - --> - - <!-- Define an AJP 1.3 Connector on port 8009 --> - <Connector secretRequired="false" secure="true" scheme="https" URIEncoding="UTF-8" tomcatAuthentication="false" port="8009" protocol="AJP/1.3" redirectPort="8443" /> - - <!-- An Engine represents the entry point (within Catalina) that processes - every request. The Engine implementation for Tomcat stand alone - analyzes the HTTP headers included with the request, and passes them - on to the appropriate Host (virtual host). - Documentation at /docs/config/engine.html --> - - <!-- You should set jvmRoute to support load-balancing via AJP ie : - <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1"> - --> - <Engine name="Catalina" defaultHost="localhost"> - - <!--For clustering, please take a look at documentation at: - /docs/cluster-howto.html (simple how to) - /docs/config/cluster.html (reference documentation) --> - <!-- - <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/> - --> - - <!-- Use the LockOutRealm to prevent attempts to guess user passwords - via a brute-force attack --> - <Realm className="org.apache.catalina.realm.LockOutRealm"> - <!-- This Realm uses the UserDatabase configured in the global JNDI - resources under the key "UserDatabase". Any edits - that are performed against this UserDatabase are immediately - available for use by the Realm. 
--> - <Realm className="org.apache.catalina.realm.UserDatabaseRealm" - resourceName="UserDatabase"/> - </Realm> - - <Host name="localhost" appBase="webapps" - unpackWARs="true" autoDeploy="true"> - - <!-- SingleSignOn valve, share authentication between web applications - Documentation at: /docs/config/valve.html --> - <!-- - <Valve className="org.apache.catalina.authenticator.SingleSignOn" /> - --> - - <!-- Access log processes all example. - Documentation at: /docs/config/valve.html - Note: The pattern used is equivalent to using pattern="common" --> - <Valve className="org.apache.catalina.valves.AccessLogValve" directory="/tmp" - prefix="tomcat_access_log" - rotatable="false" pattern="%h %l %u %t "%r" %s %b" /> - - </Host> - </Engine> - </Service> -</Server> diff --git a/container_files/tomcat/conf/server.xml.loggingpipe.patch b/container_files/tomcat/conf/server.xml.loggingpipe.patch deleted file mode 100644 index b46294c6..00000000 --- a/container_files/tomcat/conf/server.xml.loggingpipe.patch +++ /dev/null @@ -1,15 +0,0 @@ ---- server.xml.turnOnAjp 2023-01-17 12:53:45.160869124 -0500 -+++ server.xml.loggingpipe 2023-01-17 12:56:35.572142521 -0500 -@@ -155,9 +155,9 @@ - <!-- Access log processes all example. - Documentation at: /docs/config/valve.html - Note: The pattern used is equivalent to using pattern="common" --> -- <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" -- prefix="localhost_access_log" suffix=".txt" -- pattern="%h %l %u %t "%r" %s %b" /> -+ <Valve className="org.apache.catalina.valves.AccessLogValve" directory="/tmp" -+ prefix="tomcat_access_log" -+ rotatable="false" pattern="%h %l %u %t "%r" %s %b" /> - - </Host> - </Engine> diff --git a/container_files/usr-local-bin/library.sh b/container_files/usr-local-bin/library.sh index 0d411843..37413651 100755 --- a/container_files/usr-local-bin/library.sh +++ b/container_files/usr-local-bin/library.sh 
@@ -15,11 +15,8 @@ echo "grouperContainer; INFO: (library.sh) Start loading library.sh" . /usr/local/bin/libraryPrepOnly.sh . /usr/local/bin/libraryRunCommand.sh . /usr/local/bin/librarySetupFiles.sh -. /usr/local/bin/librarySetupFilesApache.sh . /usr/local/bin/librarySetupFilesForComponent.sh -. /usr/local/bin/librarySetupFilesForProcess.sh . /usr/local/bin/librarySetupFilesTomcat.sh -. /usr/local/bin/librarySetupPipe.sh # base definitions of hooks . /usr/local/bin/grouperScriptHooksBase.sh diff --git a/container_files/usr-local-bin/libraryPrep.sh b/container_files/usr-local-bin/libraryPrep.sh index 130f9bf3..d57b1e70 100644 --- a/container_files/usr-local-bin/libraryPrep.sh +++ b/container_files/usr-local-bin/libraryPrep.sh @@ -7,14 +7,6 @@ prep_openshift() { echo "grouperContainer; INFO: (libraryPrep.sh-prep_openshift) export GROUPER_CHOWN_DIRS=false" export GROUPER_CHOWN_DIRS=false fi - if [ -z "$GROUPER_SHIB_LOG_USE_PIPE" ]; then - echo "grouperContainer; INFO: (libraryPrep.sh-prep_openshift) export GROUPER_SHIB_LOG_USE_PIPE=false" - export GROUPER_SHIB_LOG_USE_PIPE=false - fi - if [ -z "$GROUPER_USE_PIPES" ]; then - echo "grouperContainer; INFO: (libraryPrep.sh-prep_openshift) export GROUPER_USE_PIPES=false" - export GROUPER_USE_PIPES=false - fi if [ -z "$GROUPER_GSH_CHECK_USER" ]; then echo "grouperContainer; INFO: (libraryPrep.sh-prep_openshift) export GROUPER_GSH_CHECK_USER=false" export GROUPER_GSH_CHECK_USER=false 
@@ -28,24 +20,17 @@ prep_openshift() { prep_quickstart() { - if [ "$GROUPER_RUN_TOMCAT_NOT_SUPERVISOR" != "true" ]; then - echo "grouperContainer; INFO: (libraryPrep.sh-prep_quickstart) GROUPER_RUN_TOMCAT_NOT_SUPERVISOR is not true" - if [ -z "$GROUPER_SELF_SIGNED_CERT" ] && [ "$GROUPER_OPENSHIFT" != "true" ]; then - echo "grouperContainer; INFO: (libraryPrep.sh-prep_quickstart) export GROUPER_SELF_SIGNED_CERT=true" - export GROUPER_SELF_SIGNED_CERT=true - fi - if [ -z "$GROUPER_START_DELAY_SECONDS" ]; then - echo "grouperContainer; INFO: (libraryPrep.sh-prep_quickstart) export GROUPER_START_DELAY_SECONDS='10'" - export GROUPER_START_DELAY_SECONDS='10' - fi + if [ -z "$GROUPER_SELF_SIGNED_CERT" ] && [ "$GROUPER_OPENSHIFT" != "true" ]; then + echo "grouperContainer; INFO: (libraryPrep.sh-prep_quickstart) export GROUPER_SELF_SIGNED_CERT=true" + export GROUPER_SELF_SIGNED_CERT=true fi - if [ -z "$GROUPER_RUN_SHIB_SP" ] && [ "$GROUPER_OPENSHIFT" != "true" ]; then - echo "grouperContainer; INFO: (libraryPrep.sh-prep_quickstart) export GROUPER_RUN_SHIB_SP=false" - export GROUPER_RUN_SHIB_SP=false + if [ -z "$GROUPER_START_DELAY_SECONDS" ]; then + echo "grouperContainer; INFO: (libraryPrep.sh-prep_quickstart) export GROUPER_START_DELAY_SECONDS='10'" + export GROUPER_START_DELAY_SECONDS='10' fi if [ -z "$GROUPER_AUTO_DDL_UPTOVERSION" ]; then - echo "grouperContainer; INFO: (libraryPrep.sh-prep_quickstart) export GROUPER_AUTO_DDL_UPTOVERSION='v2.6.*'" - export GROUPER_AUTO_DDL_UPTOVERSION='v2.6.*' + echo "grouperContainer; INFO: (libraryPrep.sh-prep_quickstart) export GROUPER_AUTO_DDL_UPTOVERSION='v5.*.*'" + export GROUPER_AUTO_DDL_UPTOVERSION='v5.*.*' fi if [ -z "$GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES" ]; then echo "grouperContainer; INFO: (libraryPrep.sh-prep_quickstart) export GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES='0.0.0.0/0'" 
@@ -85,14 +70,6 @@ prep_ui() { echo "grouperContainer; INFO: (libraryPrep.sh-prep_ui) export GROUPER_UI=true" export GROUPER_UI=true fi - if [ -z "$GROUPER_RUN_APACHE" ] && [ "$GROUPER_RUN_TOMCAT_NOT_SUPERVISOR" != "true" ] && [ "$GROUPER_OPENSHIFT" != "true" ]; then - echo "grouperContainer; INFO: (libraryPrep.sh-prep_ui) export GROUPER_RUN_APACHE=true" - export GROUPER_RUN_APACHE=true - fi - if [ -z "$GROUPER_RUN_SHIB_SP" ] && [ "$GROUPER_RUN_TOMCAT_NOT_SUPERVISOR" != "true" ] && [ "$GROUPER_OPENSHIFT" != "true" ]; then - echo "grouperContainer; INFO: (libraryPrep.sh-prep_ui) export GROUPER_RUN_SHIB_SP=true" - export GROUPER_RUN_SHIB_SP=true - fi if [ -z "$GROUPER_RUN_TOMCAT" ]; then echo "grouperContainer; INFO: (libraryPrep.sh-prep_ui) export GROUPER_RUN_TOMCAT=true" export GROUPER_RUN_TOMCAT=true @@ -134,10 +111,6 @@ prep_ws() { echo "grouperContainer; INFO: (libraryPrep.sh-prep_ws) export GROUPER_WS=true" export GROUPER_WS=true fi - if [ -z "$GROUPER_RUN_APACHE" ] && [ "$GROUPER_RUN_TOMCAT_NOT_SUPERVISOR" != "true" ] && [ "$GROUPER_OPENSHIFT" != "true" ] ; then - echo "grouperContainer; INFO: (libraryPrep.sh-prep_ws) export GROUPER_RUN_APACHE=true" - export GROUPER_RUN_APACHE=true - fi if [ -z "$GROUPER_RUN_TOMCAT" ]; then echo "grouperContainer; INFO: (libraryPrep.sh-prep_ws) export GROUPER_RUN_TOMCAT=true" export GROUPER_RUN_TOMCAT=true @@ -146,18 +119,6 @@ prep_ws() { prep_conf() { - echo "grouperContainer; INFO: (libraryPrep.sh-prep_conf) Start setting up initial pipes" - if [ -z "$GROUPER_USE_PIPES" ]; then - if [ "$GROUPER_OPENSHIFT" != 'true' ]; then - echo "grouperContainer; INFO: (libraryPrep.sh-prep_conf) GROUPER_USE_PIPES=true" - export GROUPER_USE_PIPES=true - fi - fi - setupPipe_logging - setupPipe_supervisordLog - setupPipe_grouperLog - echo "grouperContainer; INFO: (libraryPrep.sh-prep_conf) End setting up initial pipes" - # if we are stopping and starting, we just read the env vars and we done if [ -f /opt/grouper/grouperEnv.sh ] then 
@@ -173,18 +134,6 @@ prep_conf() { prep_initDeprecatedEnvVars() { - if [ ! -z "$RUN_APACHE" ] && [ -z "$GROUPER_RUN_APACHE" ] - then - echo "grouperContainer; INFO: (libraryPrep.sh-prep_initDeprecatedEnvVars) export GROUPER_RUN_APACHE=$RUN_APACHE" - export GROUPER_RUN_APACHE="$RUN_APACHE" - fi - - if [ ! -z "$RUN_SHIB_SP" ] && [ -z "$GROUPER_RUN_SHIB_SP" ] - then - echo "grouperContainer; INFO: (libraryPrep.sh-prep_initDeprecatedEnvVars) export GROUPER_RUN_SHIB_SP=$RUN_SHIB_SP" - export GROUPER_RUN_SHIB_SP="$RUN_SHIB_SP" - fi - if [ ! -z "$RUN_TOMCAT" ] && [ -z "$GROUPER_RUN_TOMCAT" ] then echo "grouperContainer; INFO: (libraryPrep.sh-prep_initDeprecatedEnvVars) export GROUPER_RUN_TOMCAT=$RUN_TOMCAT" @@ -327,23 +276,6 @@ prep_finishBegin() { echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPERWS_URL_CONTEXT=grouper-ws" export GROUPERWS_URL_CONTEXT=grouper-ws fi - if [ -z "$GROUPER_APACHE_AJP_TIMEOUT_SECONDS" ] ; then - echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_APACHE_AJP_TIMEOUT_SECONDS=3600" - export GROUPER_APACHE_AJP_TIMEOUT_SECONDS=3600 - fi - if [ -z "$GROUPER_APACHE_SSL_PORT" ] ; then - echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_APACHE_SSL_PORT=443" - export GROUPER_APACHE_SSL_PORT=443 - fi - if [ -z "$GROUPER_APACHE_NONSSL_PORT" ] ; then - echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_APACHE_NONSSL_PORT=80" - export GROUPER_APACHE_NONSSL_PORT=80 - fi - if [ -z "$GROUPER_APACHE_DIRECTORY_INDEXES" ] ; then - echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_APACHE_DIRECTORY_INDEXES=false" - export GROUPER_APACHE_DIRECTORY_INDEXES=false - fi - if [ -z "$GROUPER_GSH_CHECK_USER" ] ; then echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_GSH_CHECK_USER=true" export GROUPER_GSH_CHECK_USER=true 
@@ -357,13 +289,6 @@ prep_finishBegin() { echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_RUN_TOMCAT_NOT_SUPERVISOR=false" export GROUPER_RUN_TOMCAT_NOT_SUPERVISOR=false fi - if [ "$GROUPER_RUN_TOMCAT_NOT_SUPERVISOR" = "true" ]; then - # if we are not running supervisor then default to not chown dirs - if [ -z "$GROUPER_CHOWN_DIRS" ] ; then - echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_CHOWN_DIRS=false" - export GROUPER_CHOWN_DIRS=false - fi - fi if [ -z "$GROUPER_CHOWN_DIRS" ] ; then echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_CHOWN_DIRS=true" export GROUPER_CHOWN_DIRS=true @@ -385,16 +310,6 @@ prep_finishBegin() { export GROUPER_TOMCAT_SHUTDOWN_PORT=8005 fi - if [ -z "$GROUPER_SHIB_LOG_USE_PIPE" ]; then - echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_SHIB_LOG_USE_PIPE=true" - export GROUPER_SHIB_LOG_USE_PIPE=true - fi - - if [ -z "$GROUPER_APACHE_STATUS_PATH" ] ; then - echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_APACHE_STATUS_PATH=/status_grouper/status" - export GROUPER_APACHE_STATUS_PATH=/status_grouper/status - fi - if [ -z "$GROUPER_GSH_JVMARGS" ] ; then echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_GSH_JVMARGS=\"-Djavax.net.ssl.trustStore=/etc/pki/java/cacerts\"" export GROUPER_GSH_JVMARGS="-Djavax.net.ssl.trustStore=/etc/pki/java/cacerts" @@ -417,16 +332,6 @@ prep_finishBegin() { export GROUPER_LOG_TO_HOST=false fi - if [ -z "$GROUPER_LOG_TO_PIPE" ] ; then - if [ "$GROUPER_LOG_TO_HOST" = "true" ]; then - echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_analyzeOriginalFiles) export GROUPER_LOG_TO_PIPE=false" - export GROUPER_LOG_TO_PIPE=false - else - echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_analyzeOriginalFiles) export GROUPER_LOG_TO_PIPE=true" - export GROUPER_LOG_TO_PIPE=true - fi - fi - } prep_finishEnd() { 
@@ -460,10 +365,6 @@ prep_finishEnd() { echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishEnd) export GROUPER_TOMCAT_LOG_ACCESS=false" export GROUPER_TOMCAT_LOG_ACCESS=false fi - if [ "$GROUPER_RUN_SHIB_SP" = "true" ] && [ -z "$GROUPERUI_LOGOUT_REDIRECTTOURL" ]; then - echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishEnd) export GROUPERUI_LOGOUT_REDIRECTTOURL=/Shibboleth.sso/Logout" - export GROUPERUI_LOGOUT_REDIRECTTOURL=/Shibboleth.sso/Logout - fi if [ -z "$GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER" ]; then if [ "$GROUPER_PROXY_PASS" = "#" ]; then diff --git a/container_files/usr-local-bin/libraryRunCommand.sh b/container_files/usr-local-bin/libraryRunCommand.sh index 878c61b7..0f70bcc6 100644 --- a/container_files/usr-local-bin/libraryRunCommand.sh +++ b/container_files/usr-local-bin/libraryRunCommand.sh @@ -2,28 +2,11 @@ runCommand() { - echo "grouperContainer; INFO: (libraryRunCommand.sh-runCommand) Start setting up remaining pipes" - setupPipe_httpdLog - setupPipe_shibdLog - setupPipe_tomcatLog - setupPipe_tomcatAccessLog - echo "grouperContainer; INFO: (libraryRunCommand.sh-runCommand) End setting up remainder pipes" - - runCommand_unsetAll - - if [ "$GROUPER_RUN_TOMCAT_NOT_SUPERVISOR" = "true" ] - then - echo "grouperContainer; INFO: (libraryRunCommand.sh-runCommand) Starting tomcat not supervisor" - /opt/tomcat/bin/catalina.sh run - else - echo "grouperContainer; INFO: (libraryRunCommand.sh-runCommand) Starting supervisor" - exec /usr/bin/supervisord -c /opt/tier-support/supervisord.conf - fi - + echo "grouperContainer; INFO: (libraryRunCommand.sh-runCommand) Starting tomcat" + /opt/tomcat/bin/catalina.sh run } runCommand_unsetAll() { - setupPipe_unsetAll unset -f runCommand unset -f runCommand_unsetAll } diff --git a/container_files/usr-local-bin/librarySetupFiles.sh b/container_files/usr-local-bin/librarySetupFiles.sh index 02461a72..0611d922 100644 --- a/container_files/usr-local-bin/librarySetupFiles.sh 
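Review bot: The new `runCommand` body starts Tomcat with `/opt/tomcat/bin/catalina.sh run` as a child of the calling shell, whereas the removed supervisor branch used `exec`. If that shell is the container's main process, the runtime's stop signal goes to the shell rather than to Tomcat and a clean shutdown is not guaranteed; `exec /opt/tomcat/bin/catalina.sh run` avoids this. The call to `runCommand_unsetAll` before start-up is also gone although the function is kept, so if the helper functions are meant to be cleared before launch it should be called again ahead of the `exec`. Which user Tomcat runs as now that supervisord is removed is not visible in this hunk and is worth confirming.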
+++ b/container_files/usr-local-bin/librarySetupFiles.sh @@ -5,17 +5,7 @@ setupFiles_linkGrouperSecrets() { local label_file=`basename $filepath` local file=$(echo $label_file| cut -d'_' -f 2) - if [[ $label_file == shib_* ]]; then - ln -sf /run/secrets/$label_file /etc/shibboleth/$file - returnCode=$? - echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_linkGrouperSecrets) ln -sf /run/secrets/$label_file /etc/shibboleth/$file, result: $returnCode" - if [ $returnCode != 0 ]; then exit $returnCode; fi - elif [[ $label_file == httpd_* ]]; then - ln -sf /run/secrets/$label_file /etc/httpd/conf.d/$file - returnCode=$? - echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_linkGrouperSecrets) ln -sf /run/secrets/$label_file /etc/httpd/conf.d/$file, result: $returnCode" - if [ $returnCode != 0 ]; then exit $returnCode; fi - elif [ "$label_file" == "host-key.pem" ]; then + if [ "$label_file" == "host-key.pem" ]; then ln -sf /run/secrets/host-key.pem /etc/pki/tls/private/host-key.pem returnCode=$? echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_linkGrouperSecrets) ln -sf /run/secrets/host-key.pem /etc/pki/tls/private/host-key.pem, result: $returnCode" 
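Review bot: With the `shib_*` and `httpd_*` branches removed from `setupFiles_linkGrouperSecrets`, the `file` local computed by `cut -d'_' -f 2` has no remaining use inside this hunk. The function continues past the hunk, so confirm that before deleting it. The two context lines that derive names from `$filepath` expand it unquoted, so a secret file name containing whitespace or glob characters is split before `basename` sees it; `local label_file; label_file=$(basename -- "$filepath")` keeps the name intact. A short comment listing which `/run/secrets` names are still linked would also help operators who mount `shib_`/`httpd_` secrets notice that the branches shown here no longer handle them.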
@@ -72,27 +62,6 @@ setupFiles_localLogging() { echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_localLogging) sed -i \"s|__FILEEND__|-->|g\" /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml, result: $?" if [ $returnCode != 0 ]; then exit $returnCode; fi fi - if [ "$GROUPER_LOG_TO_PIPE" = "true" ]; then - sed -i "s|__LOGPIPESTART__||g" /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml - returnCode=$? - echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_localLogging) sed -i \"s|__LOGPIPESTART__||g\" /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml, result: $?" - if [ $returnCode != 0 ]; then exit $returnCode; fi - - sed -i "s|__LOGPIPEEND__||g" /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml - returnCode=$? - echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_localLogging) sed -i \"s|__LOGPIPEEND__||g\" /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml, result: $?" - if [ $returnCode != 0 ]; then exit $returnCode; fi - else - sed -i "s|__LOGPIPESTART__|<!--|g" /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml - returnCode=$? - echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_localLogging) sed -i \"s|__LOGPIPESTART__|<!--|g\" /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml, result: $?" - if [ $returnCode != 0 ]; then exit $returnCode; fi - - sed -i "s|__LOGPIPEEND__|-->|g" /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml - returnCode=$? - echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_localLogging) sed -i \"s|__LOGPIPEEND__|-->|g\" /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml, result: $?" - if [ $returnCode != 0 ]; then exit $returnCode; fi - fi # add semicolons LOCAL_ENV= 
@@ -275,54 +244,6 @@ setupFiles_analyzeOriginalFiles() { export GROUPER_ORIGFILE_LOG4J_PROPERTIES=false fi - setupFiles_originalFile /etc/httpd/conf/httpd.conf - original_file=$? - if [ -z "$GROUPER_ORIGFILE_HTTPD_CONF" ] && [[ $original_file -eq 0 ]] - then - echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_analyzeOriginalFiles) export GROUPER_ORIGFILE_HTTPD_CONF=true" - export GROUPER_ORIGFILE_HTTPD_CONF=true - fi - if [ -z "$GROUPER_ORIGFILE_HTTPD_CONF" ] ; then - echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_analyzeOriginalFiles) export GROUPER_ORIGFILE_HTTPD_CONF=false" - export GROUPER_ORIGFILE_HTTPD_CONF=false - fi - - setupFiles_originalFile /etc/httpd/conf.d/ssl-enabled.conf - original_file=$? - if [ -z "$GROUPER_ORIGFILE_SSL_ENABLED_CONF" ] && [[ $original_file -eq 0 ]] - then - echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_analyzeOriginalFiles) export GROUPER_ORIGFILE_SSL_ENABLED_CONF=true" - export GROUPER_ORIGFILE_SSL_ENABLED_CONF=true - fi - if [ -z "$GROUPER_ORIGFILE_SSL_ENABLED_CONF" ] ; then - echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_analyzeOriginalFiles) export GROUPER_ORIGFILE_SSL_ENABLED_CONF=false" - export GROUPER_ORIGFILE_SSL_ENABLED_CONF=false - fi - - setupFiles_originalFile /etc/httpd/conf.d/httpd-shib.conf - original_file=$? - if [ -z "$GROUPER_ORIGFILE_HTTPD_SHIB_CONF" ] && [[ $original_file -eq 0 ]] - then - echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_analyzeOriginalFiles) export GROUPER_ORIGFILE_HTTPD_SHIB_CONF=true" - export GROUPER_ORIGFILE_HTTPD_SHIB_CONF=true - fi - if [ -z "$GROUPER_ORIGFILE_HTTPD_SHIB_CONF" ] ; then - echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_analyzeOriginalFiles) export GROUPER_ORIGFILE_HTTPD_SHIB_CONF=false" - export GROUPER_ORIGFILE_HTTPD_SHIB_CONF=false - fi - - setupFiles_originalFile /etc/httpd/conf.d/shib.conf - original_file=$? 
- if [ -z "$GROUPER_ORIGFILE_SHIB_CONF" ] && [[ $original_file -eq 0 ]] - then - echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_analyzeOriginalFiles) export GROUPER_ORIGFILE_SHIB_CONF=true" - export GROUPER_ORIGFILE_SHIB_CONF=true - fi - if [ -z "$GROUPER_ORIGFILE_SHIB_CONF" ] ; then - echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_analyzeOriginalFiles) export GROUPER_ORIGFILE_SHIB_CONF=false" - export GROUPER_ORIGFILE_SHIB_CONF=false - fi - setupFiles_originalFile /opt/tomcat/conf/Catalina/localhost/grouper.xml original_file=$? if [ -z "$GROUPER_ORIGFILE_GROUPER_XML" ] && [[ $original_file -eq 0 ]] @@ -350,19 +271,8 @@ setupFiles_analyzeOriginalFiles() { } -setupFiles_removePids() { - if [ "$GROUPER_RUN_APACHE" = "true" ] && [ -f /run/httpd/httpd.pid ]; then - rm -f /run/httpd/httpd.pid - returnCode=$? - echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_removePids) rm -f /run/httpd/httpd.pid , result: $returnCode" - if [ $returnCode != 0 ]; then exit $returnCode; fi - fi -} - setupFiles() { - setupFiles_removePids - if [ "$GROUPER_SETUP_FILES_COMPLETE" = "true" ] then echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles) GROUPER_SETUP_FILES_COMPLETE=true, skipping setting up files (including not syncing slashRoot again)" @@ -379,18 +289,8 @@ setupFiles() { setupFiles_linkGrouperSecrets - # this needs to be first - setupFilesForProcess_supervisor - - setupFilesApache - setupFilesTomcat - setupFilesForProcess - - # this needs to be last - setupFilesForProcess_supervisorFinal - setupFilesForComponent setupFiles_localLogging @@ -412,9 +312,6 @@ setupFiles() { setupFiles_unsetAllAndFromFiles() { setupFiles_unsetAll - setupFilesApache_unsetAll - setupFilesForComponent_unsetAll - setupFilesForProcess_unsetAll setupFilesTomcat_unsetAll grouperScriptHooks_unsetAll } 
@@ -428,7 +325,6 @@ setupFiles_unsetAll() { unset -f setupFiles_localLogging unset -f setupFiles_loggingPrefix unset -f setupFiles_originalFile - unset -f setupFiles_removePids unset -f setupFiles_rsyncSlashRoot unset -f setupFiles_storeEnvVars unset -f setupFiles_unsetAll diff --git a/container_files/usr-local-bin/librarySetupFilesApache.sh b/container_files/usr-local-bin/librarySetupFilesApache.sh deleted file mode 100644 index bd64adba..00000000 --- a/container_files/usr-local-bin/librarySetupFilesApache.sh +++ /dev/null 
@@ -1,222 +0,0 @@ -#!/bin/bash - -setupFilesApache_indexes() { - if [ "$GROUPER_RUN_APACHE" = "true" ] && [ "$GROUPER_APACHE_DIRECTORY_INDEXES" = "false" ] - then - if [ "$GROUPER_ORIGFILE_HTTPD_CONF" = "true" ]; then - # take out the directory indexes from the docroot - cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.pre_noindexes - returnCode=$? - echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_indexes) cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.pre_noindexes, result: $returnCode" - if [ $returnCode != 0 ]; then exit $returnCode; fi - - patch /etc/httpd/conf/httpd.conf /etc/httpd/conf.d/httpd.conf.noindexes.patch - returnCode=$? - echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_indexes) Patch httpd.conf to turn off indexes 'patch /etc/httpd/conf/httpd.conf /etc/httpd/conf.d/httpd.conf.noindexes.patch' result=$returnCode" - if [ $returnCode != 0 ]; then exit $returnCode; fi - else - echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_indexes) /etc/httpd/conf/httpd.conf is not the original file so will not be changed" - fi - fi - -} - -setupFilesApache_ssl() { - if [ "$GROUPER_RUN_APACHE" = "true" ] && [ "$GROUPER_USE_SSL" != "true" ] - then - if [ -f /etc/httpd/conf.d/ssl.conf ] - then - mv /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.dontuse - returnCode=$? - echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_ssl) mv /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.dontuse , result: $?" - if [ $returnCode != 0 ]; then exit $returnCode; fi - fi - if [ -f /etc/httpd/conf.d/ssl-enabled.conf ] - then - mv -v /etc/httpd/conf.d/ssl-enabled.conf /etc/httpd/conf.d/ssl-enabled.conf.dontuse - returnCode=$? - echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_ssl) mv -v /etc/httpd/conf.d/ssl-enabled.conf /etc/httpd/conf.d/ssl-enabled.conf.dontuse , result: $?" 
- if [ $returnCode != 0 ]; then exit $returnCode; fi - fi - fi - if [ "$GROUPER_RUN_APACHE" = "true" ] && [ "$GROUPER_USE_SSL" = "true" ] && [ -f /etc/httpd/conf.d/ssl-enabled.conf ] && [ "$GROUPER_ORIGFILE_SSL_ENABLED_CONF" = "true" ] ; then - - if [ "$GROUPER_SSL_USE_STAPLING" = "true" ]; then - sed -i "s|__GROUPER_SSL_USE_STAPLING__|on|g" /etc/httpd/conf.d/ssl-enabled.conf - returnCode=$? - echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_ports) sed -i \"s|__GROUPER_SSL_USE_STAPLING__|on|g\" /etc/httpd/conf.d/ssl-enabled.conf , result: $?" - if [ $returnCode != 0 ]; then exit $returnCode; fi - else - sed -i "s|__GROUPER_SSL_USE_STAPLING__|off|g" /etc/httpd/conf.d/ssl-enabled.conf - returnCode=$? - echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_ports) sed -i \"s|__GROUPER_SSL_USE_STAPLING__|on|g\" /etc/httpd/conf.d/ssl-enabled.conf , result: $?" - if [ $returnCode != 0 ]; then exit $returnCode; fi - - fi - - sed -i "s|__GROUPER_SSL_CERT_FILE__|$GROUPER_SSL_CERT_FILE|g" /etc/httpd/conf.d/ssl-enabled.conf - returnCode=$? - echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_ports) Set cert file: sed -i \"s|SSLCertificateChainFile __GROUPER_SSL_CERT_FILE__|$GROUPER_SSL_CERT_FILE|g\" /etc/httpd/conf.d/ssl-enabled.conf , result: $?" - if [ $returnCode != 0 ]; then exit $returnCode; fi - - sed -i "s|__GROUPER_SSL_KEY_FILE__|$GROUPER_SSL_KEY_FILE|g" /etc/httpd/conf.d/ssl-enabled.conf - returnCode=$? - echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_ports) Set cert file: sed -i \"s|SSLCertificateChainFile __GROUPER_SSL_KEY_FILE__|$GROUPER_SSL_KEY_FILE|g\" /etc/httpd/conf.d/ssl-enabled.conf , result: $?" - if [ $returnCode != 0 ]; then exit $returnCode; fi - - if [ "$GROUPER_SSL_USE_CHAIN_FILE" = "true" ]; then - - sed -i "s|__GROUPER_SSL_CHAIN_FILE__|$GROUPER_SSL_CHAIN_FILE|g" /etc/httpd/conf.d/ssl-enabled.conf - returnCode=$? 
- echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_ports) No chain setting: sed -i \"s|SSLCertificateChainFile __GROUPER_SSL_CHAIN_FILE__|$GROUPER_SSL_CHAIN_FILE|g\" /etc/httpd/conf.d/ssl-enabled.conf , result: $?" - if [ $returnCode != 0 ]; then exit $returnCode; fi - - - else - sed -i "s|SSLCertificateChainFile __GROUPER_SSL_CHAIN_FILE__||g" /etc/httpd/conf.d/ssl-enabled.conf - returnCode=$? - echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_ports) No chain setting: sed -i \"s|SSLCertificateChainFile __GROUPER_SSL_CHAIN_FILE__||g\" /etc/httpd/conf.d/ssl-enabled.conf , result: $?" - if [ $returnCode != 0 ]; then exit $returnCode; fi - - fi - - fi -} - - - -setupFilesApache_serverName() { - if [ "$GROUPER_RUN_APACHE" = "true" ] && [ ! -z "$GROUPER_APACHE_SERVER_NAME" ] && [ "$GROUPER_APACHE_SERVER_NAME" != "" ] && [ -f /etc/httpd/conf.d/grouper-www.conf ] - then - echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_serverName) Appending ServerName to grouper-www.conf" - echo >> /etc/httpd/conf.d/grouper-www.conf - echo "ServerName $GROUPER_APACHE_SERVER_NAME" >> /etc/httpd/conf.d/grouper-www.conf - echo "UseCanonicalName On" >> /etc/httpd/conf.d/grouper-www.conf - echo >> /etc/httpd/conf.d/grouper-www.conf - returnCode=$? - echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_serverName) Setup ServerName $GROUPER_APACHE_SERVER_NAME in /etc/httpd/conf.d/grouper-www.conf , result: $?" - if [ $returnCode != 0 ]; then exit $returnCode; fi - fi - -} - -setupFilesApache_remoteip() { - if [ "$GROUPER_RUN_APACHE" = "true" ] && [ ! 
-z "$GROUPER_APACHE_REMOTE_IP_HEADER" ] && [ "$GROUPER_APACHE_REMOTE_IP_HEADER" != "" ] && [ -f /etc/httpd/conf.d/grouper-www.conf ] - then - echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_remoteip) Appending RemoteIPHeader to grouper-www.conf" - echo >> /etc/httpd/conf.d/grouper-www.conf - echo "RemoteIPHeader $GROUPER_APACHE_REMOTE_IP_HEADER" >> /etc/httpd/conf.d/grouper-www.conf - returnCode=$? - echo >> /etc/httpd/conf.d/grouper-www.conf - echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_remoteip) echo \"RemoteIPHeader $GROUPER_APACHE_REMOTE_IP_HEADER\" >> /etc/httpd/conf.d/grouper-www.conf , result: $?" - if [ $returnCode != 0 ]; then exit $returnCode; fi - fi - if [ "$GROUPER_RUN_APACHE" = "true" ] && [ ! -z "$GROUPER_APACHE_REMOTE_IP_TRUSTED_PROXY" ] && [ "$GROUPER_APACHE_REMOTE_IP_TRUSTED_PROXY" != "" ] && [ -f /etc/httpd/conf.d/grouper-www.conf ] - then - echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_remoteip) Appending RemoteIPTrustedProxy to grouper-www.conf" - echo >> /etc/httpd/conf.d/grouper-www.conf - echo "RemoteIPTrustedProxy $GROUPER_APACHE_REMOTE_IP_TRUSTED_PROXY" >> /etc/httpd/conf.d/grouper-www.conf - returnCode=$? - echo >> /etc/httpd/conf.d/grouper-www.conf - echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_remoteip) echo \"RemoteIPTrustedProxy $GROUPER_APACHE_REMOTE_IP_TRUSTED_PROXY\" >> /etc/httpd/conf.d/grouper-www.conf , result: $?" - if [ $returnCode != 0 ]; then exit $returnCode; fi - fi - if [ "$GROUPER_RUN_APACHE" = "true" ] && [ ! 
-z "$GROUPER_APACHE_REMOTE_IP_INTERNAL_PROXY" ] && [ "$GROUPER_APACHE_REMOTE_IP_INTERNAL_PROXY" != "" ] && [ -f /etc/httpd/conf.d/grouper-www.conf ] - then - echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_remoteip) Appending RemoteIPInternalProxy to grouper-www.conf" - echo >> /etc/httpd/conf.d/grouper-www.conf - echo "RemoteIPInternalProxy $GROUPER_APACHE_REMOTE_IP_INTERNAL_PROXY" >> /etc/httpd/conf.d/grouper-www.conf - returnCode=$? - echo >> /etc/httpd/conf.d/grouper-www.conf - echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_remoteip) echo \"RemoteIPInternalProxy $GROUPER_APACHE_REMOTE_IP_INTERNAL_PROXY\" >> /etc/httpd/conf.d/grouper-www.conf , result: $?" - if [ $returnCode != 0 ]; then exit $returnCode; fi - fi - -} - -setupFilesApache_status() { - if [ "$GROUPER_RUN_APACHE" = "true" ] && [ ! -z "$GROUPER_APACHE_STATUS_PATH" ] && [ "$GROUPER_APACHE_STATUS_PATH" != "" ] && [ "$GROUPER_APACHE_STATUS_PATH" != "none" ] && [ -f /etc/httpd/conf.d/grouper-www.conf ] - then - echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_status) Appending status to grouper-www.conf" - echo >> /etc/httpd/conf.d/grouper-www.conf - # ProxyPass /status_grouper/status ajp://localhost:8009/grouper/status timeout=2401 - echo "ProxyPass $GROUPER_APACHE_STATUS_PATH ajp://localhost:$GROUPER_TOMCAT_AJP_PORT/$GROUPER_TOMCAT_CONTEXT/status timeout=2401" >> /etc/httpd/conf.d/grouper-www.conf - returnCode=$? - echo >> /etc/httpd/conf.d/grouper-www.conf - echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_status) echo \"ProxyPass $GROUPER_APACHE_STATUS_PATH ajp://localhost:$GROUPER_TOMCAT_AJP_PORT/$GROUPER_TOMCAT_CONTEXT/status timeout=2401\" >> /etc/httpd/conf.d/grouper-www.conf , result: $?" 
- if [ $returnCode != 0 ]; then exit $returnCode; fi - fi -} - -setupFilesApache_supervisor() { - if [ "$GROUPER_RUN_APACHE" = "true" ] - then - cat /opt/tier-support/supervisord-httpd.conf >> /opt/tier-support/supervisord.conf - returnCode=$? - echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_supervisor) cat /opt/tier-support/supervisord-httpd.conf >> /opt/tier-support/supervisord.conf , result: $?" - if [ $returnCode != 0 ]; then exit $returnCode; fi - fi - -} - -setupFilesApache_ports() { - - # filter the ssl config for ssl port - - if [ "$GROUPER_RUN_APACHE" = "true" ] && [ -f /etc/httpd/conf.d/ssl-enabled.conf ] && [ "$GROUPER_ORIGFILE_SSL_ENABLED_CONF" = "true" ] - then - sed -i "s|__GROUPER_APACHE_SSL_PORT__|$GROUPER_APACHE_SSL_PORT|g" /etc/httpd/conf.d/ssl-enabled.conf - returnCode=$? - echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_ports) sed -i \"s|__GROUPER_APACHE_SSL_PORT__|$GROUPER_APACHE_SSL_PORT|g\" /etc/httpd/conf.d/ssl-enabled.conf , result: $?" - if [ $returnCode != 0 ]; then exit $returnCode; fi - fi - - if [ "$GROUPER_RUN_APACHE" = "true" ] && [ "$GROUPER_APACHE_NONSSL_PORT" != "80" ] - then - sed -i "s|Listen 80|Listen $GROUPER_APACHE_NONSSL_PORT|g" /etc/httpd/conf/httpd.conf - returnCode=$? - echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_ports) Replace apache non-ssl port in httpd.conf, sed -i \"s|Listen 80|Listen $GROUPER_APACHE_NONSSL_PORT|g\" /etc/httpd/conf/httpd.conf , result: $?" 
- if [ $returnCode != 0 ]; then exit $returnCode; fi - fi - -} - - -setupFilesApache() { - setupFilesApache_supervisor - setupFilesApache_ports - setupFilesApache_remoteip - setupFilesApache_ssl - setupFilesApache_status - setupFilesApache_serverName - setupFilesApache_indexes -} - -setupFilesApache_unsetAll() { - unset -f setupFilesApache - unset -f setupFilesApache_indexes - unset -f setupFilesApache_ports - unset -f setupFilesApache_remoteip - unset -f setupFilesApache_ssl - unset -f setupFilesApache_status - unset -f setupFilesApache_supervisor - unset -f setupFilesApache_unsetAll - unset -f setupFilesApache_serverName -} - -setupFilesApache_exportAll() { - export -f setupFilesApache - export -f setupFilesApache_indexes - export -f setupFilesApache_ports - export -f setupFilesApache_remoteip - export -f setupFilesApache_ssl - export -f setupFilesApache_status - export -f setupFilesApache_supervisor - export -f setupFilesApache_unsetAll - export -f setupFilesApache_serverName -} - -# export everything -setupFilesApache_exportAll - - diff --git a/container_files/usr-local-bin/librarySetupFilesForProcess.sh b/container_files/usr-local-bin/librarySetupFilesForProcess.sh deleted file mode 100644 index 7a19cdd1..00000000 --- a/container_files/usr-local-bin/librarySetupFilesForProcess.sh +++ /dev/null 
@@ -1,98 +0,0 @@ -#!/bin/bash - -setupFilesForProcess_supervisor() { - - if [ "$GROUPER_RUN_TOMCAT_NOT_SUPERVISOR" != "true" ]; then - # clear out existing supervisord config - cat /opt/tier-support/supervisord-base.conf > /opt/tier-support/supervisord.conf - echo "grouperContainer; INFO: (librarySetupFilesForProcess.sh-setupFilesForProcess_supervisor) Clear out supervisor.conf , result: $returnCode" - returnCode=$? - fi -} - -setupFilesForProcess() { - - setupFilesForProcess_shib - -} - -setupFilesForProcess_supervisorFinal() { - - if [ "$GROUPER_RUN_TOMCAT_NOT_SUPERVISOR" != "true" ]; then - if [ "$GROUPER_RUN_PROCESSES_AS_USERS" = "true" ] - then - # let these lines live - sed -i "s|__GROUPER_RUN_PROCESSES_AS_USERS__||g" /opt/tier-support/supervisord.conf - returnCode=$? - echo "grouperContainer; INFO: (librarySetupFilesForProcess.sh-setupFilesForProcess_supervisorFinal) Running processes as users in supervisord.conf, result: $returnCode" - if [ $returnCode != 0 ]; then exit $returnCode; fi - else - # comment out these lines - sed -i "s|__GROUPER_RUN_PROCESSES_AS_USERS__|;|g" /opt/tier-support/supervisord.conf - returnCode=$? - echo "grouperContainer; INFO: (librarySetupFilesForProcess.sh-setupFilesForProcess_supervisorFinal) Commenting out running processes as users in supervisord.conf, result: $returnCode" - if [ $returnCode != 0 ]; then exit $returnCode; fi - fi - fi -} - -setupFilesForProcess_shib() { - - if [ "$GROUPER_RUN_TOMCAT_NOT_SUPERVISOR" != "true" ]; then - if [ -f /etc/httpd/conf.d/shib.conf ] - then - mv /etc/httpd/conf.d/shib.conf /etc/httpd/conf.d/shib.conf.dontuse - returnCode=$? 
- echo "grouperContainer; INFO: (librarySetupFilesForProcess.sh-setupFilesForProcess_shib) mv /etc/httpd/conf.d/shib.conf /etc/httpd/conf.d/shib.conf.dontuse , result: $returnCode" - if [ $returnCode != 0 ]; then exit $returnCode; fi - - fi - - if [ "$GROUPER_RUN_SHIB_SP" = "true" ] - then - echo "grouperContainer; INFO: (librarySetupFilesForProcess.sh-setupFilesForProcess_shib) Appending supervisord-shibsp.conf to supervisord.conf" - cat /opt/tier-support/supervisord-shibsp.conf >> /opt/tier-support/supervisord.conf - returnCode=$? - if [ $returnCode != 0 ]; then exit $returnCode; fi - if [ "$GROUPER_ORIGFILE_HTTPD_SHIB_CONF" = "true" ]; then - cp /opt/tier-support/httpd-shib.conf /etc/httpd/conf.d/ - returnCode=$? - echo "grouperContainer; INFO: (librarySetupFilesForProcess.sh-setupFilesForProcess_shib) cp /opt/tier-support/httpd-shib.conf /etc/httpd/conf.d/ , result: $returnCode" - if [ $returnCode != 0 ]; then exit $returnCode; fi - else - echo "grouperContainer; INFO: (librarySetupFilesForProcess.sh-setupFilesForProcess_shib) /etc/httpd/conf.d/httpd-shib.conf is not the original file so will not be edited" - fi - if [ "$GROUPER_ORIGFILE_SHIB_CONF" = "true" ]; then - mv /etc/httpd/conf.d/shib.conf.dontuse /etc/httpd/conf.d/shib.conf - returnCode=$? 
- echo "grouperContainer; INFO: (librarySetupFilesForProcess.sh-setupFilesForProcess_shib) mv /etc/httpd/conf.d/shib.conf.dontuse /etc/httpd/conf.d/shib.conf , result: $returnCode" - if [ $returnCode != 0 ]; then exit $returnCode; fi - else - echo "grouperContainer; INFO: (librarySetupFilesForProcess.sh-setupFilesForProcess_shib) /etc/httpd/conf.d/shib.conf is not the original file so will not be edited" - fi - fi - fi - -} - -setupFilesForProcess_unsetAll() { - - unset -f setupFilesForProcess - unset -f setupFilesForProcess_shib - unset -f setupFilesForProcess_supervisor - unset -f setupFilesForProcess_supervisorFinal - unset -f setupFilesForProcess_unsetAll - -} - -setupFilesForProcess_exportAll() { - - export -f setupFilesForProcess - export -f setupFilesForProcess_shib - export -f setupFilesForProcess_supervisor - export -f setupFilesForProcess_supervisorFinal - export -f setupFilesForProcess_unsetAll -} - -# export everything -setupFilesForProcess_exportAll diff --git a/container_files/usr-local-bin/librarySetupFilesTomcat.sh b/container_files/usr-local-bin/librarySetupFilesTomcat.sh index c0b6dabc..0311701d 100644 --- a/container_files/usr-local-bin/librarySetupFilesTomcat.sh +++ b/container_files/usr-local-bin/librarySetupFilesTomcat.sh @@ -2,7 +2,6 @@ setupFilesTomcat() { setupFilesTomcat_turnOnAjp - setupFilesTomcat_supervisor setupFilesTomcat_authn setupFilesTomcat_context setupFilesTomcat_ports 
@@ -35,16 +34,8 @@ setupFilesTomcat_turnOnAjp() { setupFilesTomcat_accessLogs() { if [ "$GROUPER_ORIGFILE_SERVER_XML" = "true" ]; then - if [ "$GROUPER_TOMCAT_LOG_ACCESS" = "true" ]; then + if [ "$GROUPER_TOMCAT_LOG_ACCESS" != "true" ]; then - # this patch happens after the last patch - patch /opt/tomcat/conf/server.xml /opt/tomcat/conf/server.xml.loggingpipe.patch - returnCode=$? - echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_accessLogs) Patch server.xml to log access: patch /opt/tomcat/conf/server.xml /opt/tomcat/conf/server.xml.loggingpipe.patch , result: $returnCode" - if [ $returnCode != 0 ]; then exit $returnCode; fi - - else - patch /opt/tomcat/conf/server.xml /opt/tomcat/conf/server.xml.nologging.patch returnCode=$? echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_accessLogs) Patch server.xml to not log access: patch /opt/tomcat/conf/server.xml /opt/tomcat/conf/server.xml.nologging.patch , result: $returnCode" 
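Review bot: The inverted test `if [ "$GROUPER_TOMCAT_LOG_ACCESS" != "true" ]` in setupFilesTomcat_accessLogs leaves server.xml unpatched whenever access logging is requested, and nothing in the new code says where those records go now that the loggingpipe patch is no longer applied. If the intent is that the valve already present in server.xml handles them, a comment above the test would record it, for example `# GROUPER_TOMCAT_LOG_ACCESS=true: keep server.xml's own access-log valve; any other value patches it out`. That valve presumably writes to a file inside the container rather than to the console, so anyone forwarding access logs to a collector needs the destination confirmed and stated. The function body continues past the end of the hunk.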
@@ -119,51 +110,6 @@ setupFilesTomcat_context() { fi fi - # setup the apache linkage to tomcat - if [ -f /etc/httpd/conf.d/grouper-www.conf ] && [ "$GROUPER_RUN_TOMCAT_NOT_SUPERVISOR" != "true" ] - then - sed -i "s|__GROUPER_APACHE_AJP_TIMEOUT_SECONDS__|$GROUPER_APACHE_AJP_TIMEOUT_SECONDS|g" /etc/httpd/conf.d/grouper-www.conf - results="$?" - sed -i "s|__GROUPER_TOMCAT_CONTEXT__|$GROUPER_TOMCAT_CONTEXT|g" /etc/httpd/conf.d/grouper-www.conf - results="$results $?" - sed -i "s|__GROUPER_URL_CONTEXT__|$GROUPER_URL_CONTEXT|g" /etc/httpd/conf.d/grouper-www.conf - results="$results $?" - sed -i "s|__GROUPERWS_URL_CONTEXT__|$GROUPERWS_URL_CONTEXT|g" /etc/httpd/conf.d/grouper-www.conf - results="$results $?" - sed -i "s|__GROUPER_PROXY_PASS__|$GROUPER_PROXY_PASS|g" /etc/httpd/conf.d/grouper-www.conf - results="$results $?" - - if [ "$GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER" = "true" ]; then - sed -i "s|__GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER__||g" /etc/httpd/conf.d/grouper-www.conf - results="$results $?" - else - sed -i "s|__GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER__|#|g" /etc/httpd/conf.d/grouper-www.conf - results="$results $?" - fi - - if [ -f /etc/httpd/conf.d/ssl-enabled.conf ]; then - sed -i "s|__GROUPER_PROXY_PASS__|$GROUPER_PROXY_PASS|g" /etc/httpd/conf.d/ssl-enabled.conf - results="$results $?" - - if [ "$GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER" = "true" ]; then - sed -i "s|__GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER__||g" /etc/httpd/conf.d/ssl-enabled.conf - results="$results $?" - else - sed -i "s|__GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER__|#|g" /etc/httpd/conf.d/ssl-enabled.conf - results="$results $?" - fi - fi - sed -i "s|__GROUPERWS_PROXY_PASS__|$GROUPERWS_PROXY_PASS|g" /etc/httpd/conf.d/grouper-www.conf - returnCode=$? - results="$results $returnCode" - if [ "$GROUPER_TOMCAT_AJP_PORT" != "8009" ]; then - sed -i "s|:8009/|:$GROUPER_TOMCAT_AJP_PORT/|g" /etc/httpd/conf.d/grouper-www.conf - results="$results $?" 
- fi - echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_context) Set contexts in grouper-www.conf and other files, results: $results" - if [ $returnCode != 0 ]; then exit $returnCode; fi - fi - } setupFilesTomcat_authn() { @@ -189,18 +135,6 @@ setupFilesTomcat_authn() { } -setupFilesTomcat_supervisor() { - - if [ "$GROUPER_RUN_TOMCAT" = "true" ] && [ "$GROUPER_RUN_TOMCAT_NOT_SUPERVISOR" != "true" ] - then - cat /opt/tier-support/supervisord-tomcat.conf >> /opt/tier-support/supervisord.conf - returnCode=$? - echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_supervisor) Append supervisord-tomcat.conf to supervisord.conf: cat /opt/tier-support/supervisord-tomcat.conf >> /opt/tier-support/supervisord.conf , result: $returnCode" - if [ $returnCode != 0 ]; then exit $returnCode; fi - fi - -} - setupFilesTomcat_sessionTimeout() { if [ "$GROUPER_RUN_TOMCAT" = "true" ] && [ "$GROUPER_TOMCAT_SESSION_TIMEOUT_MINUTES" != "-2" ] @@ -324,7 +258,6 @@ setupFilesTomcat_unsetAll() { unset -f setupFilesTomcat_ssl unset -f setupFilesTomcat_sslCertsAnchors unset -f setupFilesTomcat_sslCertsClient - unset -f setupFilesTomcat_supervisor unset -f setupFilesTomcat_unsetAll unset -f setupFilesTomcat_accessLogs unset -f setupFilesTomcat_sessionTimeout @@ -341,7 +274,6 @@ setupFilesTomcat_exportAll() { export -f setupFilesTomcat_ssl export -f setupFilesTomcat_sslCertsAnchors export -f setupFilesTomcat_sslCertsClient - export -f setupFilesTomcat_supervisor export -f setupFilesTomcat_unsetAll export -f setupFilesTomcat_accessLogs export -f setupFilesTomcat_sessionTimeout diff --git a/container_files/usr-local-bin/librarySetupPipe.sh b/container_files/usr-local-bin/librarySetupPipe.sh deleted file mode 100644 index 7b0ee8d3..00000000 --- a/container_files/usr-local-bin/librarySetupPipe.sh +++ /dev/null 
@@ -1,110 +0,0 @@ -#!/bin/bash - -setupPipe() { - echo "grouperContainer; INFO: (librarySetupPipe.sh-setupPipe) Setup pipe: $1" - if [ -e $1 ]; then - rm -f $1 - returnCode=$? - fi - mkfifo -m 666 $1 - returnCode=$? -} - -setupPipe_logging() { - - if [ "$GROUPER_USE_PIPES" == "true" ]; then - # Make a "console" logging pipe that anyone can write too regardless of who owns the process. - setupPipe /tmp/logpipe - cat <> /tmp/logpipe & - fi -} - -# Make loggers pipes for the supervisord connected apps' console, so that we can prepend the streams. -setupPipe_grouperLog() { - if [ "$GROUPER_USE_PIPES" == "true" ]; then - setupPipe /tmp/loggrouper - (cat <> /tmp/loggrouper | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "grouper;console;%s;%s;%s\n", ENV, UT, $0; fflush()}' &>/tmp/logpipe) & - fi -} - -setupPipe_httpdLog() { - if [ "$GROUPER_USE_PIPES" == "true" ]; then - if [ "$GROUPER_RUN_APACHE" = "true" ] - then - setupPipe /tmp/loghttpd - (cat <> /tmp/loghttpd | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "httpd;console;%s;%s;%s\n", ENV, UT, $0; fflush()}' &>/tmp/logpipe) & - fi - fi -} - -setupPipe_shibdLog() { - if [ "$GROUPER_USE_PIPES" == "true" ]; then - if [ "$GROUPER_RUN_SHIB_SP" = "true" ] - then - if [ "$GROUPER_SHIB_LOG_USE_PIPE" = "true" ] - then - setupPipe /tmp/logshibd - (cat <> /tmp/logshibd | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "shibd;console;%s;%s;%s", ENV, UT, $0; fflush()}' &>/tmp/logpipe) & - fi - fi - fi -} - -setupPipe_tomcatLog() { - if [ "$GROUPER_USE_PIPES" == "true" ]; then - if [ "$GROUPER_RUN_TOMCAT" = "true" ] && [ "$GROUPER_LOG_TO_PIPE" = "true" ] - then - setupPipe /tmp/logtomcat - (cat <> /tmp/logtomcat | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "tomcat;console;%s;%s;%s\n", ENV, UT, $0; fflush()}' &>/tmp/logpipe) & - fi - fi -} - -setupPipe_tomcatAccessLog() { - if [ "$GROUPER_USE_PIPES" == "true" ]; then - if [ "$GROUPER_TOMCAT_LOG_ACCESS" = "true" ]; then - - setupPipe /tmp/tomcat_access_log - (cat <> 
/tmp/tomcat_access_log | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "tomcat-access;console;%s;%s;%s\n", ENV, UT, $0; fflush()}' 1>/tmp/logpipe) & - fi - fi -} - -setupPipe_supervisordLog() { - if [ "$GROUPER_USE_PIPES" == "true" ]; then - setupPipe /tmp/logsuperd - (cat <> /tmp/logsuperd | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "supervisord;console;%s;%s;%s\n", ENV, UT, $0; fflush()}' &>/tmp/logpipe) & - fi -} - -setupPipe_unsetAll() { - - unset -f setupPipe - unset -f setupPipe_grouperLog - unset -f setupPipe_httpdLog - unset -f setupPipe_logging - unset -f setupPipe_shibdLog - unset -f setupPipe_supervisordLog - unset -f setupPipe_tomcatLog - unset -f setupPipe_tomcatAccessLog - unset -f setupPipe_unsetAll - -} - -setupPipe_exportAll() { - - export -f setupPipe - export -f setupPipe_grouperLog - export -f setupPipe_httpdLog - export -f setupPipe_logging - export -f setupPipe_shibdLog - export -f setupPipe_supervisordLog - export -f setupPipe_tomcatLog - export -f setupPipe_tomcatAccessLog - export -f setupPipe_unsetAll - -} - -# export everything -setupPipe_exportAll - diff --git a/run.sh b/run.sh index effc3b51..0c4ba35e 100755 --- a/run.sh +++ b/run.sh 
@@ -1,18 +1,16 @@ #!/bin/bash -docker run -d -p 443:443 --name my-grouper \ +docker run -d -p 8081:8080 --name my-grouper \ -e GROUPER_UI_GROUPER_AUTH=true \ -e GROUPER_SELF_SIGNED_CERT=true \ - -e GROUPER_RUN_SHIB_SP=false \ - -e GROUPER_AUTO_DDL_UPTOVERSION='v2.6.*' \ + -e GROUPER_AUTO_DDL_UPTOVERSION='v5.*.*' \ -e GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES='0.0.0.0/0' \ -e GROUPERSYSTEM_QUICKSTART_PASS=pass \ -e GROUPER_UI=true \ - -e GROUPER_DATABASE_URL=jdbc:postgresql://docker.for.mac.localhost:5432/grouper_v2_6?currentSchema=public \ + -e GROUPER_DATABASE_URL=jdbc:postgresql://docker.for.mac.localhost:5433/grouper?currentSchema=public \ -e GROUPER_DATABASE_USERNAME=grouper \ -e GROUPER_DATABASE_PASSWORD=pass \ -e GROUPER_LOG_TO_HOST=true \ - -e GROUPER_LOG_TO_PIPE=true \ -e ENV="foo(2)" \ -e USERTOKEN=myUserToken \ my-grouper:latest ui diff --git a/test-compose/README.md b/test-compose/README.md index 1edef55d..80728055 100644 --- a/test-compose/README.md +++ b/test-compose/README.md @@ -5,7 +5,6 @@ In this example, the following cases are covered by this example: - A demo directory and SIS database are included, populated with approximately 1,000 test subjects. - Grouper is configured to use this directory as the subject source. - Grouper Loader creates groups based on the data in the SIS table. -- Grouper UI is protected by a Shibboleth IdP (included) that connects to this directory server. - Grouper WS is protected by http basic auth that authenticates against the directory server. - Grouper publishes event data to a RabbitMQ instance (included). diff --git a/test-compose/docker-compose.yml b/test-compose/docker-compose.yml index ea7ad843..f90926cd 100644 --- a/test-compose/docker-compose.yml +++ b/test-compose/docker-compose.yml 
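Review bot: The new mapping `-p 8081:8080` in run.sh publishes the container port on every host interface, while the unchanged lines of the same command still set `GROUPERSYSTEM_QUICKSTART_PASS=pass` and `GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES='0.0.0.0/0'`. The old mapping was 443:443, and port 8080 is presumably served without TLS, so the quickstart credentials would be reachable and sent in clear text from any machine that can reach the host. For a local test script, binding to loopback keeps the instance private: `docker run -d -p 127.0.0.1:8081:8080 --name my-grouper \`. `GROUPER_SELF_SIGNED_CERT=true` is kept as well and may no longer have any effect, which is worth checking.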
@@ -57,8 +57,6 @@ services: target: grouper_grouper-loader.properties - source: subject.properties target: grouper_subject.properties - - source: sp-key.pem - target: shib_sp-key.pem - source: host-key.pem volumes: - type: bind @@ -67,15 +65,6 @@ services: - type: bind source: ./configs-and-secrets/grouper/grouper.client.properties target: /opt/grouper/conf/grouper.client.properties - - type: bind - source: ./configs-and-secrets/shibboleth/sp-cert.pem - target: /etc/shibboleth/sp-cert.pem - - type: bind - source: ./configs-and-secrets/shibboleth/shibboleth2.xml - target: /etc/shibboleth/shibboleth2.xml - - type: bind - source: ./configs-and-secrets/shibboleth/idp-metadata.xml - target: /etc/shibboleth/idp-metadata.xml - type: bind source: ./configs-and-secrets/httpd/host-cert.pem target: /etc/pki/tls/certs/host-cert.pem @@ -107,8 +96,6 @@ services: target: grouper_grouper-loader.properties - source: subject.properties target: grouper_subject.properties - - source: sp-key.pem - target: shib_sp-key.pem - source: host-key.pem volumes: - type: bind @@ -232,8 +219,6 @@ secrets: file: ./configs-and-secrets/grouper/rabbitmq_password.txt subject.properties: file: ./configs-and-secrets/grouper/subject.properties - sp-key.pem: - file: ./configs-and-secrets/shibboleth/sp-key.pem morphString.properties: file: ./configs-and-secrets/grouper/morphString.properties diff --git a/test-compose/ui/container_files/shibboleth/shibd.logger b/test-compose/ui/container_files/shibboleth/shibd.logger deleted file mode 100644 index 2589b43b..00000000 --- a/test-compose/ui/container_files/shibboleth/shibd.logger +++ /dev/null 
@@ -1,69 +0,0 @@
-# set overall behavior
-log4j.rootCategory=DEBUG, shibd_log, warn_log
-
-# fairly verbose for DEBUG, so generally leave at DEBUG
-log4j.category.XMLTooling.XMLObject=DEBUG
-log4j.category.XMLTooling.KeyInfoResolver=DEBUG
-log4j.category.Shibboleth.IPRange=DEBUG
-log4j.category.Shibboleth.PropertySet=DEBUG
-
-# raise for low-level tracing of SOAP client HTTP/SSL behavior
-log4j.category.XMLTooling.libcurl=DEBUG
-
-# useful categories to tune independently:
-#
-# tracing of SAML messages and security policies
-#log4j.category.OpenSAML.MessageDecoder=DEBUG
-#log4j.category.OpenSAML.MessageEncoder=DEBUG
-#log4j.category.OpenSAML.SecurityPolicyRule=DEBUG
-#log4j.category.XMLTooling.SOAPClient=DEBUG
-# interprocess message remoting
-#log4j.category.Shibboleth.Listener=DEBUG
-# mapping of requests to applicationId
-#log4j.category.Shibboleth.RequestMapper=DEBUG
-# high level session cache operations
-#log4j.category.Shibboleth.SessionCache=DEBUG
-# persistent storage and caching
-#log4j.category.XMLTooling.StorageService=DEBUG
-
-# logs XML being signed or verified if set to DEBUG
-log4j.category.XMLTooling.Signature.Debugger=DEBUG, sig_log
-log4j.additivity.XMLTooling.Signature.Debugger=false
-
-# the tran log blocks the "default" appender(s) at runtime
-# Level should be left at DEBUG for this category
-log4j.category.Shibboleth-TRANSACTION=DEBUG, tran_log
-log4j.additivity.Shibboleth-TRANSACTION=false
-# uncomment to suppress particular event types
-#log4j.category.Shibboleth-TRANSACTION.AuthnRequest=WARN
-#log4j.category.Shibboleth-TRANSACTION.Login=WARN
-#log4j.category.Shibboleth-TRANSACTION.Logout=WARN
-
-# define the appenders
-
-log4j.appender.shibd_log=org.apache.log4j.RollingFileAppender
-log4j.appender.shibd_log.fileName=/var/log/shibboleth/shibd.log
-log4j.appender.shibd_log.maxFileSize=1000000
-log4j.appender.shibd_log.maxBackupIndex=10
-log4j.appender.shibd_log.layout=org.apache.log4j.PatternLayout
-log4j.appender.shibd_log.layout.ConversionPattern=%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
-
-log4j.appender.warn_log=org.apache.log4j.RollingFileAppender
-log4j.appender.warn_log.fileName=/var/log/shibboleth/shibd_warn.log
-log4j.appender.warn_log.maxFileSize=1000000
-log4j.appender.warn_log.maxBackupIndex=10
-log4j.appender.warn_log.layout=org.apache.log4j.PatternLayout
-log4j.appender.warn_log.layout.ConversionPattern=%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
-log4j.appender.warn_log.threshold=WARN
-
-log4j.appender.tran_log=org.apache.log4j.RollingFileAppender
-log4j.appender.tran_log.fileName=/var/log/shibboleth/transaction.log
-log4j.appender.tran_log.maxFileSize=1000000
-log4j.appender.tran_log.maxBackupIndex=20
-log4j.appender.tran_log.layout=org.apache.log4j.PatternLayout
-log4j.appender.tran_log.layout.ConversionPattern=%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
-
-log4j.appender.sig_log=org.apache.log4j.FileAppender
-log4j.appender.sig_log.fileName=/var/log/shibboleth/signature.log
-log4j.appender.sig_log.layout=org.apache.log4j.PatternLayout
-log4j.appender.sig_log.layout.ConversionPattern=%m