5.2.0

docker · Jul 4, 2023 · 42ce9df · 42ce9df
1 parent d84c919
commit 42ce9df
Show file tree

Hide file tree

Showing 18 changed files with 211 additions and 5,533 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -8,15 +8,15 @@ LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
 
 ARG GROUPER_CONTAINER_VERSION
 
-ENV GROUPER_VERSION=5.1.0 \
-    GROUPER_CONTAINER_VERSION=5.1.0 \
+ENV GROUPER_VERSION=5.2.0 \
+    GROUPER_CONTAINER_VERSION=5.2.0 \
     JAVA_HOME=/usr/lib/jvm/java-17-amazon-corretto \
     PATH=$PATH:$JAVA_HOME/bin \
     GROUPER_HOME=/opt/grouper/grouperWebapp/WEB-INF
 
 #  net-tools curl mlocate strace telnet man vim rsyslog cron mod_ssl cronie
 RUN yum update -y \
-    && yum install -y logrotate python3-pip rsync sudo patch wget tar unzip dos2unix file net-tools curl mlocate logrotate strace telnet man vim rsyslog cronie findutils \
+    && yum install -y logrotate python3-pip rsync sudo patch wget tar unzip dos2unix file net-tools diffutils curl mlocate logrotate strace telnet man vim rsyslog cronie findutils \
     && pip3 install --upgrade setuptools \
     && yum clean -y all \
     && groupadd -r tomcat \

diff --git a/Dockerfile2 b/Dockerfile2
@@ -58,7 +58,7 @@ RUN cd /tmp \
 
 # testing container
 # see output with  docker build . --tag my:grouper
-# DOCKER_BUILDKIT=0 docker build --progress=plain -t mygrouper .
+# DOCKER_BUILDKIT=0 docker build -f Dockerfile2 --progress=plain -t mygrouper .
 # docker run --detach --name mygrouper mygrouper:latest
 # docker exec -it mygrouper bash
 

diff --git a/Dockerfile3 b/Dockerfile3
@@ -0,0 +1,4 @@
+FROM i2incommon/grouper:4.3.0
+
+ENTRYPOINT ["ping"]
+CMD ["google.com"]
diff --git a/Dockerfile_centos b/Dockerfile_centos
@@ -0,0 +1,59 @@
+FROM i2incommon/grouper:4.1.5 as grouperContainer
+
+FROM centos:centos7
+
+COPY --from=grouperContainer /opt /opt
+COPY --from=grouperContainer /usr/local/bin /usr/local/bin
+
+
+LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
+      Vendor="TIER" \
+      ImageType="Grouper" \
+      ImageName=$imagename \
+      ImageOS=centos7
+
+ARG GROUPER_CONTAINER_VERSION
+
+ENV GROUPER_VERSION=4.1.5 \
+    GROUPER_CONTAINER_VERSION=4.1.5 \
+    JAVA_HOME=/usr/lib/jvm/java-17-amazon-corretto \
+    PATH=$PATH:$JAVA_HOME/bin \
+    GROUPER_HOME=/opt/grouper/grouperWebapp/WEB-INF
+
+#  net-tools curl mlocate strace telnet man vim rsyslog cron httpd mod_ssl cronie
+
+RUN rm -fr /var/cache/yum/* && yum clean all && yum -y install --setopt=tsflags=nodocs epel-release \ 
+    && yum update -y \
+    && yum install -y logrotate python3-pip rsync sudo patch supervisor wget tar unzip dos2unix file net-tools curl mlocate logrotate strace telnet man vim rsyslog cronie httpd mod_ssl findutils \
+    && pip3 install --upgrade setuptools \
+    && yum clean -y all \
+    && groupadd -r tomcat \
+    && useradd -r -m -s /sbin/nologin -g tomcat tomcat
+
+# Install Corretto Java JDK
+#Corretto download page: https://docs.aws.amazon.com/corretto/latest/corretto-8-ug/downloads-list.html
+
+# Install Corretto Java JDK (newer more arch independent way)
+RUN rpm --import https://yum.corretto.aws/corretto.key \
+    && curl -L -o /etc/yum.repos.d/corretto.repo https://yum.corretto.aws/corretto.repo \
+    && yum install -y java-17-amazon-corretto-devel
+
+RUN /opt/container_files/docker-build-bin/containerDockerfileInstallPermissions.sh tomcat root
+
+# testing container
+# docker build -f Dockerfile_centos -t mygrouper
+# see output with  
+# DOCKER_BUILDKIT=0 docker build --progress=plain -t mygrouper .
+# docker run --detach --name mygrouper mygrouper:latest
+# docker exec -it mygrouper bash
+# docker run --detach -e GROUPER_SELF_SIGNED_CERT=true -e GROUPER_MAX_MEMORY='3g' -e GROUPER_RUN_SHIB_SP=false -e GROUPERSYSTEM_QUICKSTART_PASS=pass -e GROUPER_UI_GROUPER_AUTH=true -e GROUPER_DATABASE_URL=jdbc:postgresql://host.docker.internal:5433/grouper -e GROUPER_DATABASE_USERNAME=grouper -e GROUPER_DATABASE_PASSWORD=pass -e GROUPER_AUTO_DDL_UPTOVERSION='v4.*.*' -e GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES='0.0.0.0/0' -e GROUPER_START_DELAY_SECONDS=10 --publish 8081:8080  -e GROUPER_RUN_APACHE=false --name mygrouper mygrouper:latest ui
+
+
+
+WORKDIR /opt/grouper/grouperWebapp/WEB-INF/
+EXPOSE 80 443
+HEALTHCHECK NONE
+
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
+#ENTRYPOINT ["ping"]
+#CMD ["google.com"]
diff --git a/build3.sh b/build3.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+docker build -t my-grouper3 -f Dockerfile3 .
diff --git a/container_files/grouperWebapp/WEB-INF/classes/grouper-loader.base.properties b/container_files/grouperWebapp/WEB-INF/classes/grouper-loader.base.properties
diff --git a/container_files/tomcat/conf/createPatches.txt b/container_files/tomcat/conf/createPatches.txt
@@ -0,0 +1,2 @@
+# note: get the server.xml into the original, make sure it ends with newline if the file does
+diff -u server.xml.original server.xml.grouper > server.xml.grouper.patch
diff --git a/...er_files/tomcat/conf/server.xml.nologging → ...iner_files/tomcat/conf/server.xml.grouper b/...er_files/tomcat/conf/server.xml.nologging → ...iner_files/tomcat/conf/server.xml.grouper
@@ -68,13 +68,17 @@
     -->
     <Connector port="8080" protocol="HTTP/1.1"
                connectionTimeout="20000"
-               redirectPort="8443" />
+               redirectPort="8443"
+               maxParameterCount="10000"
+               />
     <!-- A "Connector" using the shared thread pool-->
     <!--
     <Connector executor="tomcatThreadPool"
                port="8080" protocol="HTTP/1.1"
                connectionTimeout="20000"
-               redirectPort="8443" />
+               redirectPort="8443"
+               maxParameterCount="1000"
+               />
     -->
     <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443
          This connector uses the NIO implementation. The default
@@ -85,7 +89,9 @@
     -->
     <!--
     <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
-               maxThreads="150" SSLEnabled="true">
+               maxThreads="150" SSLEnabled="true"
+               maxParameterCount="1000"
+               >
         <SSLHostConfig>
             <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
                          type="RSA" />
@@ -100,7 +106,9 @@
     -->
     <!--
     <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
-               maxThreads="150" SSLEnabled="true" >
+               maxThreads="150" SSLEnabled="true"
+               maxParameterCount="1000"
+               >
         <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
         <SSLHostConfig>
             <Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
@@ -112,8 +120,16 @@
     -->
 
     <!-- Define an AJP 1.3 Connector on port 8009 -->
-    <Connector secretRequired="false" secure="true"  scheme="https"  URIEncoding="UTF-8"  tomcatAuthentication="false"  port="8009" protocol="AJP/1.3" redirectPort="8443" />
-
+    <!--
+    <Connector protocol="AJP/1.3"
+               address="::1"
+               port="8009"
+               redirectPort="8443"
+               maxParameterCount="1000"
+               />
+    -->
+    <!--GROUPER_AJP_CONNECTOR-->
+
     <!-- An Engine represents the entry point (within Catalina) that processes
          every request.  The Engine implementation for Tomcat stand alone
          analyzes the HTTP headers included with the request, and passes them
@@ -151,13 +167,12 @@
         <!--
         <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
         -->
+        <!--GROUPER_REMOTE_CIDR_VALVE-->
 
         <!-- Access log processes all example.
              Documentation at: /docs/config/valve.html
              Note: The pattern used is equivalent to using pattern="common" -->
-
-
-
+        <!--GROUPER_LOGGING_VALVE-->
 
       </Host>
     </Engine>

diff --git a/container_files/tomcat/conf/server.xml.grouper.patch b/container_files/tomcat/conf/server.xml.grouper.patch
@@ -0,0 +1,37 @@
+--- server.xml.original	2023-06-27 13:54:24.000000000 -0400
++++ server.xml.grouper	2023-07-03 02:37:07.000000000 -0400
+@@ -69,7 +69,7 @@
+     <Connector port="8080" protocol="HTTP/1.1"
+                connectionTimeout="20000"
+                redirectPort="8443"
+-               maxParameterCount="1000"
++               maxParameterCount="10000"
+                />
+     <!-- A "Connector" using the shared thread pool-->
+     <!--
+@@ -128,7 +128,8 @@
+                maxParameterCount="1000"
+                />
+     -->
+-
++    <!--GROUPER_AJP_CONNECTOR-->
++    
+     <!-- An Engine represents the entry point (within Catalina) that processes
+          every request.  The Engine implementation for Tomcat stand alone
+          analyzes the HTTP headers included with the request, and passes them
+@@ -166,13 +167,12 @@
+         <!--
+         <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
+         -->
++        <!--GROUPER_REMOTE_CIDR_VALVE-->
+
+         <!-- Access log processes all example.
+              Documentation at: /docs/config/valve.html
+              Note: The pattern used is equivalent to using pattern="common" -->
+-        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
+-               prefix="localhost_access_log" suffix=".txt"
+-               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
++        <!--GROUPER_LOGGING_VALVE-->
+
+       </Host>
+     </Engine>
diff --git a/container_files/tomcat/conf/server.xml.nologging.patch b/container_files/tomcat/conf/server.xml.nologging.patch
diff --git a/container_files/tomcat/conf/server.xml.original b/container_files/tomcat/conf/server.xml.original
@@ -68,13 +68,17 @@
     -->
     <Connector port="8080" protocol="HTTP/1.1"
                connectionTimeout="20000"
-               redirectPort="8443" />
+               redirectPort="8443"
+               maxParameterCount="1000"
+               />
     <!-- A "Connector" using the shared thread pool-->
     <!--
     <Connector executor="tomcatThreadPool"
                port="8080" protocol="HTTP/1.1"
                connectionTimeout="20000"
-               redirectPort="8443" />
+               redirectPort="8443"
+               maxParameterCount="1000"
+               />
     -->
     <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443
          This connector uses the NIO implementation. The default
@@ -85,7 +89,9 @@
     -->
     <!--
     <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
-               maxThreads="150" SSLEnabled="true">
+               maxThreads="150" SSLEnabled="true"
+               maxParameterCount="1000"
+               >
         <SSLHostConfig>
             <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
                          type="RSA" />
@@ -100,7 +106,9 @@
     -->
     <!--
     <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
-               maxThreads="150" SSLEnabled="true" >
+               maxThreads="150" SSLEnabled="true"
+               maxParameterCount="1000"
+               >
         <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
         <SSLHostConfig>
             <Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
@@ -116,7 +124,9 @@
     <Connector protocol="AJP/1.3"
                address="::1"
                port="8009"
-               redirectPort="8443" />
+               redirectPort="8443"
+               maxParameterCount="1000"
+               />
     -->
 
     <!-- An Engine represents the entry point (within Catalina) that processes