From 43cb34864616af6485abf37ca165c8f20ac2891b Mon Sep 17 00:00:00 2001
From: Chris Hyzer
Date: Sun, 21 Aug 2022 18:59:05 -0400
Subject: [PATCH] 2.6.16 first pass
---
Dockerfile | 157 +++++---------
container_files/containerDockerfileInstall.sh | 187 ++++++++++++++++++
.../containerDockerfileInstallGrouper.sh | 36 ++++
.../containerDockerfileInstallJava.sh | 27 +++
.../containerDockerfileInstallPermissions.sh | 91 +++++++++
.../tier-support/test/docker-compose.yaml.txt | 26 +++
.../grouperContainerUnitTestQuickstart.sh | 10 +-
.../test/testContainer.Dockerfile | 7 +-
.../usr-local-bin/librarySetupFiles.sh | 11 +-
9 files changed, 424 insertions(+), 128 deletions(-)
create mode 100644 container_files/containerDockerfileInstall.sh
create mode 100644 container_files/containerDockerfileInstallGrouper.sh
create mode 100644 container_files/containerDockerfileInstallJava.sh
create mode 100644 container_files/containerDockerfileInstallPermissions.sh
create mode 100644 container_files/tier-support/test/docker-compose.yaml.txt
diff --git a/Dockerfile b/Dockerfile
index 418ebc0b..11aac9d6 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,57 +1,5 @@ -FROM centos:centos7 as installing -RUN yum update -y \ - && yum install -y wget tar unzip dos2unix patch \ - && yum clean all - -RUN yum install -y wget tar unzip dos2unix patch - -ARG GROUPER_CONTAINER_VERSION -ENV GROUPER_VERSION=2.6.15 \ - GROUPER_CONTAINER_VERSION=$GROUPER_CONTAINER_VERSION - -# Install Corretto Java JDK -#Corretto download page: https://docs.aws.amazon.com/corretto/latest/corretto-8-ug/downloads-list.html -ARG CORRETTO_URL_PERM=https://corretto.aws/downloads/latest/amazon-corretto-8-x64-linux-jdk.rpm -ARG CORRETTO_RPM=amazon-corretto-8-x64-linux-jdk.rpm -COPY container_files/java-corretto/corretto-signing-key.pub . -RUN curl -O -L $CORRETTO_URL_PERM \ - && rpm --import corretto-signing-key.pub \ - && rpm -K $CORRETTO_RPM \ - && rpm -i $CORRETTO_RPM \ - && rm -r corretto-signing-key.pub $CORRETTO_RPM -ENV JAVA_HOME=/usr/lib/jvm/java-1.8.0-amazon-corretto - -RUN echo 'Downloading Grouper Installer...' \ - && mkdir -p /opt/grouper/$GROUPER_VERSION \ - && wget -q -O /opt/grouper/$GROUPER_VERSION/grouperInstaller.jar https://oss.sonatype.org/service/local/repositories/releases/content/edu/internet2/middleware/grouper/grouper-installer/$GROUPER_VERSION/grouper-installer-$GROUPER_VERSION.jar -COPY container_files/grouper.installer.properties /opt/grouper/$GROUPER_VERSION -# Temporary morphString file used for building, not used in production -COPY container_files/morphString.properties /opt/grouper/$GROUPER_VERSION -RUN echo 'Installing Grouper'; \ - PATH=$PATH:$JAVA_HOME/bin; \ - cd /opt/grouper/$GROUPER_VERSION/ \ - && $JAVA_HOME/bin/java -cp :grouperInstaller.jar edu.internet2.middleware.grouperInstaller.GrouperInstaller -FROM centos:centos7 as cleanup -ENV GROUPER_VERSION=2.6.15 \ - TOMEE_VERSION=7.0.0 -RUN mkdir -p /opt/grouper/grouperWebapp/ -RUN mkdir -p /opt/tomee/ -COPY --from=installing /opt/grouper/$GROUPER_VERSION/grouperInstaller.jar /opt/grouper/ -COPY --from=installing /opt/grouper/$GROUPER_VERSION/container/tomee/ 
/opt/tomee/ -COPY --from=installing /opt/grouper/$GROUPER_VERSION/container/webapp/ /opt/grouper/grouperWebapp/ -RUN ls /opt/grouper/grouperWebapp/ -COPY --from=installing /etc/alternatives/java /etc/alternatives/java -RUN ls /opt/grouper/ -RUN ls /opt/grouper/grouperWebapp/WEB-INF -#ADD https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.11.0/log4j-core-2.11.0.jar /opt/tomee/bin -#ADD https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.11.0/log4j-api-2.11.0.jar /opt/tomee/bin -#ADD https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-jul/2.11.0/log4j-jul-2.11.0.jar /opt/tomee/bin -RUN cd /opt/tomee/; \ - rm -fr webapps/docs/ webapps/host-manager/ webapps/manager/ logs/* temp/* work/* conf/logging.properties -COPY container_files/api/* /opt/grouper/grouperWebapp/WEB-INF/classes/ -COPY container_files/tomee/ /opt/tomee/ - FROM tier/shibboleth_sp:3.1.0_04172020 + LABEL author="tier-packaging@internet2.edu " \ Vendor="TIER" \ ImageType="Grouper" \ 
@@ -60,74 +8,57 @@ LABEL author="tier-packaging@internet2.edu " \ ARG GROUPER_CONTAINER_VERSION -ENV PATH=$PATH:$JAVA_HOME/bin \ - GROUPER_HOME=/opt/grouper/grouperWebapp/WEB-INF \ - GROUPER_CONTAINER_VERSION=$GROUPER_CONTAINER_VERSION -RUN ln -sf /usr/share/zoneinfo/UTC /etc/localtime +ENV GROUPER_VERSION=2.6.15 \ + GROUPER_CONTAINER_VERSION=$GROUPER_CONTAINER_VERSION \ + JAVA_HOME=/usr/lib/jvm/java-1.8.0-amazon-corretto \ + PATH=$PATH:$JAVA_HOME/bin \ + GROUPER_HOME=/opt/grouper/grouperWebapp/WEB-INF + RUN yum update -y \ - && yum install -y cron logrotate python3-pip rsync sudo patch supervisor \ + && yum install -y cron logrotate python3-pip rsync sudo patch supervisor wget tar unzip dos2unix \ && pip3 install --upgrade setuptools \ - && yum clean -y all -#COPY --from=installing $JAVA_HOME $JAVA_HOME -# do this again so its in rpm history + && yum clean -y all \ + && groupadd -r tomcat \ + && useradd -r -m -s /sbin/nologin -g tomcat tomcat \ + && mkdir -p /opt/container_files + +# Install Corretto Java JDK +#Corretto download page: https://docs.aws.amazon.com/corretto/latest/corretto-8-ug/downloads-list.html ARG CORRETTO_URL_PERM=https://corretto.aws/downloads/latest/amazon-corretto-8-x64-linux-jdk.rpm ARG CORRETTO_RPM=amazon-corretto-8-x64-linux-jdk.rpm -COPY container_files/java-corretto/corretto-signing-key.pub . 
-RUN curl -O -L $CORRETTO_URL_PERM \ - && rpm --import corretto-signing-key.pub \ - && rpm -K $CORRETTO_RPM \ - && rpm -i $CORRETTO_RPM \ - && rm -r corretto-signing-key.pub $CORRETTO_RPM -ENV JAVA_HOME=/usr/lib/jvm/java-1.8.0-amazon-corretto -COPY --from=cleanup /opt/tomee/ /opt/tomee/ -COPY --from=cleanup /opt/grouper/ /opt/grouper/ -RUN groupadd -r tomcat \ - && useradd -r -m -s /sbin/nologin -g tomcat tomcat \ - && rm -f /etc/alternatives/java \ - && ln -s $JAVA_HOME/bin/java /etc/alternatives/java \ - && mkdir -p /opt/tomee/conf/Catalina/localhost/ - -COPY container_files/tier-support/ /opt/tier-support/ -COPY container_files/usr-local-bin/ /usr/local/bin/ -RUN chmod +x /usr/local/bin/*.sh -COPY container_files/httpd/* /etc/httpd/conf.d/ -COPY container_files/shibboleth/* /etc/shibboleth/ -RUN cp /dev/null /etc/httpd/conf.d/ssl.conf -RUN rm -f /opt/tomee/bin/log4j-* -COPY container_files/tier-support/log4j_fix/tomeeBin/log4j-* /opt/tomee/bin/ -RUN rm -f /opt/tomee/lib/slf4j-* -COPY container_files/tier-support/log4j_fix/tomeeLib/slf4j-* /opt/tomee/lib/ -RUN rm -f /opt/grouper/grouperWebapp/WEB-INF/lib/slf4j-api-* -COPY container_files/tier-support/log4j_fix/webinfLib/* /opt/grouper/grouperWebapp/WEB-INF/lib/ -COPY container_files/certs/* /opt/grouper/certs/ -#RUN rm -f /opt/grouper/grouperWebapp/WEB-INF/grouperUi2/index/index.jsp -#COPY container_files/index.jsp /opt/grouper/grouperWebapp/WEB-INF/grouperUi2/index/ +# if we are doing layers for caching while developing the container, can call run from here and not from containreDockerfileInstall.sh... 
+COPY container_files/containerDockerfileInstallJava.sh /opt/container_files/ +COPY container_files/morphString.properties /opt/container_files/ +COPY container_files/grouper.installer.properties /opt/container_files/ +COPY container_files/containerDockerfileInstallGrouper.sh /opt/container_files/ + +RUN cd /tmp \ + && chmod +x /opt/container_files/*.sh \ + && find /opt/container_files/ -type f -name "*.sh" -print0 | xargs -0 dos2unix \ + && /opt/container_files/containerDockerfileInstallJava.sh $CORRETTO_URL_PERM $CORRETTO_RPM $JAVA_HOME $GROUPER_VERSION \ + && /opt/container_files/containerDockerfileInstallGrouper.sh $CORRETTO_URL_PERM $CORRETTO_RPM $JAVA_HOME $GROUPER_VERSION + +# real copy command (if not caching), uncomment this and change comments of COPY above to work on install script +COPY container_files/ /opt/container_files/ -# this is to improve openshift -RUN touch /opt/grouper/grouperEnv.sh \ - && mkdir -p /opt/tomee/work/Catalina/localhost/ \ - && mkdir -p /opt/grouper/certs/client \ - && mkdir -p /opt/grouper/certs/anchors \ - && chown tomcat:root /opt/grouper/ /etc/httpd/conf/ /home/tomcat/ /opt/tomee/ /usr/local/bin /etc/httpd/conf.d/ /opt/tier-support/ /usr/lib/jvm/java/jre/lib/security/cacerts \ - && chown -R tomcat:root $(find /opt/grouper/ /etc/httpd/conf/ /home/tomcat/ /opt/tomee/ /usr/local/bin /etc/httpd/conf.d/ /opt/tier-support/ ! -user tomcat -o ! -group root -print) \ - && chmod g+rwx /opt/grouper/ /etc/httpd/conf/ /home/tomcat/ /opt/tomee/ /usr/local/bin /etc/httpd/conf.d/ /opt/tier-support/ /usr/lib/jvm/java/jre/lib/security/cacerts \ - && chmod -R g+rwx $(find /opt/grouper/ /etc/httpd/conf/ /home/tomcat/ /opt/tomee/ /usr/local/bin /etc/httpd/conf.d/ /opt/tier-support/ ! 
-perm -g+rwx ) \ - && chmod +x /opt/grouper/*.sh +RUN cd /tmp \ + && chmod +x /opt/container_files/*.sh \ + && find /opt/container_files/ -type f -name "*.sh" -print0 | xargs -0 dos2unix \ + && /opt/container_files/containerDockerfileInstall.sh $CORRETTO_URL_PERM $CORRETTO_RPM $JAVA_HOME $GROUPER_VERSION -# keep backup of files -RUN mkdir -p /opt/tier-support/originalFiles ; \ - cp /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml /opt/tier-support/originalFiles 2>/dev/null ; \ - cp /etc/httpd/conf/httpd.conf /opt/tier-support/originalFiles 2>/dev/null ; \ - cp /etc/httpd/conf.d/ssl-enabled.conf /opt/tier-support/originalFiles 2>/dev/null ; \ - cp /etc/httpd/conf.d/httpd-shib.conf /opt/tier-support/originalFiles 2>/dev/null ; \ - cp /etc/httpd/conf.d/shib.conf /opt/tier-support/originalFiles 2>/dev/null ; \ - cp /opt/tomee/conf/server.xml /opt/tier-support/originalFiles 2>/dev/null ; \ - cp /opt/tomee/conf/Catalina/localhost/grouper.xml /opt/tier-support/originalFiles 2>/dev/null ; \ - cp /opt/grouper/grouperWebapp/WEB-INF/web.xml /opt/tier-support/originalFiles 2>/dev/null + +# testing container +# see output with docker build . --tag my:grouper +# DOCKER_BUILDKIT=0 docker build --progress=plain -t mygrouper . +# docker run --detach --name mygrouper mygrouper:latest +# docker exec -it mygrouper bash WORKDIR /opt/grouper/grouperWebapp/WEB-INF/ EXPOSE 80 443 HEALTHCHECK NONE -ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] -# CMD ["bin/gsh.sh", "-loader"] + + ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] +## uncomment ping, and comment out other entrypoint to just have a simple runnable container +#ENTRYPOINT ["ping"] +#CMD ["google.com"] \ No newline at end of file diff --git a/container_files/containerDockerfileInstall.sh b/container_files/containerDockerfileInstall.sh new file mode 100644 index 00000000..382a22be --- /dev/null +++ b/container_files/containerDockerfileInstall.sh 
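Review bot: The first `RUN` invokes `containerDockerfileInstallJava.sh` before the Corretto signing key is in the image: only four files are copied ahead of it, and `container_files/java-corretto/corretto-signing-key.pub` arrives with the later `COPY container_files/ /opt/container_files/`. The script's `rpm --import /opt/container_files/java-corretto/corretto-signing-key.pub` therefore has nothing to import at that point, and because the script only echoes return codes the `&&` chain still proceeds to `rpm -i`. Add `COPY container_files/java-corretto/corretto-signing-key.pub /opt/container_files/java-corretto/` to the copies that precede the first `RUN`. Separately, the tree-wide `COPY` puts `morphString.properties` (described in the install script as build-only) back under `/opt/container_files`, and nothing visible in this patch removes it from the final image.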
@@ -0,0 +1,187 @@ +#!/bin/bash + +# $1 ARG CORRETTO_URL_PERM=https://corretto.aws/downloads/latest/amazon-corretto-8-x64-linux-jdk.rpm +# $2 ARG CORRETTO_RPM=amazon-corretto-8-x64-linux-jdk.rpm +# $3 ARG JAVA_HOME=/usr/lib/jvm/java-1.8.0-amazon-corretto +# $4 ARG GROUPER_VERSION=2.6.14 + +chmod 775 $(find /opt/container_files -type d) +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) chmod 775 \$(find /opt/container_files -type d), result: $returnCode" + +chmod 664 $(find /opt/container_files -type f) +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) chmod 664 \$(find /opt/container_files -type f), result: $returnCode" + +chmod 775 $(find /opt/container_files -type f -name "*.sh") +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) chmod 775 \$(find /opt/container_files -type f -name \"*.sh\"), result: $returnCode" + +mkdir -p /opt/grouper/grouperWebapp/ +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mkdir -p /opt/grouper/grouperWebapp/, result: $returnCode" + +mkdir -p /opt/tomee/ +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mkdir -p /opt/tomee/, result: $returnCode" + +mv /opt/grouper/$4/grouperInstaller.jar /opt/grouper/ +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mv /opt/grouper/$4/grouperInstaller.jar /opt/grouper/, result: $returnCode" + +mv /opt/grouper/$4/container/tomee/* /opt/tomee/ +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mv /opt/grouper/$4/container/tomee/* /opt/tomee/, result: $returnCode" + +mkdir -p /opt/tomee/temp +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mkdir -p /opt/tomee/temp, result: $returnCode" + +mkdir -p /opt/tomee/work +returnCode=$? 
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mkdir -p /opt/tomee/work, result: $returnCode" + +mv /opt/grouper/$4/container/webapp/* /opt/grouper/grouperWebapp/ +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mv /opt/grouper/$4/container/webapp/* /opt/grouper/grouperWebapp/, result: $returnCode" + +rm -rf /opt/grouper/$4 +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) rm -rf /opt/grouper/$4, result: $returnCode" + +rm -rf /opt/tomee/webapps/docs/ /opt/tomee/webapps/host-manager/ /opt/tomee/webapps/manager/ /opt/tomee/logs/* /opt/tomee/temp/* /opt/tomee/work/* /opt/tomee/conf/logging.properties +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) rm -rf /opt/tomee/webapps/docs/ /opt/tomee/webapps/host-manager/ /opt/tomee/webapps/manager/ /opt/tomee/logs/* /opt/tomee/temp/* /opt/tomee/work/*\ /opt/tomee/conf/logging.properties, result: $returnCode" + +cp -R /opt/container_files/api/* /opt/grouper/grouperWebapp/WEB-INF/classes/ +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) cp -R /opt/container_files/api/* /opt/grouper/grouperWebapp/WEB-INF/classes/, result: $returnCode" + +cp -R /opt/container_files/tomee/* /opt/tomee/ +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) cp -R /opt/container_files/tomee/* /opt/tomee/, result: $returnCode" + +mkdir -p /opt/tomee/conf/Catalina/localhost/ +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mkdir -p /opt/tomee/conf/Catalina/localhost/, result: $returnCode" + +ln -sf /usr/share/zoneinfo/UTC /etc/localtime +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) ln -sf /usr/share/zoneinfo/UTC /etc/localtime, result: $returnCode" + +rm -f /etc/alternatives/java +returnCode=$? 
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) rm -f /etc/alternatives/java, result: $returnCode" + +ln -s $3/bin/java /etc/alternatives/java +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) ln -s $3/bin/java /etc/alternatives/java, result: $returnCode" + +mv /opt/container_files/tier-support /opt +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mv /opt/container_files/tier-support /opt, result: $returnCode" + +mv /opt/container_files/usr-local-bin/* /usr/local/bin/ +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mv /opt/container_files/usr-local-bin/* /usr/local/bin/, result: $returnCode" + +mv /opt/container_files/httpd/* /etc/httpd/conf.d/ +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mv /opt/container_files/httpd/* /etc/httpd/conf.d/, result: $returnCode" + +mv /opt/container_files/shibboleth/* /etc/shibboleth/ +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mv /opt/container_files/shibboleth/* /etc/shibboleth/, result: $returnCode" + +cp /dev/null /etc/httpd/conf.d/ssl.conf +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) cp /dev/null /etc/httpd/conf.d/ssl.conf, result: $returnCode" + +rm -f /opt/tomee/bin/log4j-* +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) rm -f /opt/tomee/bin/log4j-*, result: $returnCode" + +mv /opt/tier-support/log4j_fix/tomeeBin/log4j-* /opt/tomee/bin/ +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mv /opt/tier-support/log4j_fix/tomeeBin/log4j-* /opt/tomee/bin/, result: $returnCode" + +rm -f /opt/tomee/lib/slf4j-* +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) rm -f /opt/tomee/lib/slf4j-*, result: $returnCode" + +mv /opt/tier-support/log4j_fix/tomeeLib/slf4j-* /opt/tomee/lib/ +returnCode=$? 
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mv /opt/tier-support/log4j_fix/tomeeLib/slf4j-* /opt/tomee/lib/, result: $returnCode" + +rm -f /opt/grouper/grouperWebapp/WEB-INF/lib/slf4j-api-* +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) rm -f /opt/grouper/grouperWebapp/WEB-INF/lib/slf4j-api-*, result: $returnCode" + +mv /opt/tier-support/log4j_fix/webinfLib/* /opt/grouper/grouperWebapp/WEB-INF/lib/ +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mv /opt/tier-support/log4j_fix/webinfLib/* /opt/grouper/grouperWebapp/WEB-INF/lib/, result: $returnCode" + +touch /opt/grouper/grouperEnv.sh +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) touch /opt/grouper/grouperEnv.sh, result: $returnCode" + +mkdir -p /opt/tomee/work/Catalina/localhost/ +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mkdir -p /opt/tomee/work/Catalina/localhost/, result: $returnCode" + +mkdir -p /opt/grouper/certs/client +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mkdir -p /opt/grouper/certs/client, result: $returnCode" + +mkdir -p /opt/grouper/certs/anchors +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mkdir -p /opt/grouper/certs/anchors, result: $returnCode" + +mv /opt/container_files/certs/* /opt/grouper/certs/ +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mv /opt/container_files/certs/* /opt/grouper/certs/, result: $returnCode" + +echo 'umask 002' >> /home/tomcat/.bashrc +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) echo 'umask 002' >> /home/tomcat/.bashrc, result: $returnCode" + +mkdir -p /opt/tier-support/originalFiles +returnCode=$? 
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mkdir -p /opt/tier-support/originalFiles, result: $returnCode" + +cp /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml /opt/tier-support/originalFiles 2>/dev/null +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) cp /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml /opt/tier-support/originalFiles 2>/dev/null, result: $returnCode" + +cp /etc/httpd/conf/httpd.conf /opt/tier-support/originalFiles 2>/dev/null +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) cp /etc/httpd/conf/httpd.conf /opt/tier-support/originalFiles 2>/dev/null, result: $returnCode" + +cp /etc/httpd/conf.d/ssl-enabled.conf /opt/tier-support/originalFiles 2>/dev/null +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) cp /etc/httpd/conf.d/ssl-enabled.conf /opt/tier-support/originalFiles 2>/dev/null, result: $returnCode" + +cp /etc/httpd/conf.d/httpd-shib.conf /opt/tier-support/originalFiles 2>/dev/null +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) cp /etc/httpd/conf.d/httpd-shib.conf /opt/tier-support/originalFiles 2>/dev/null, result: $returnCode" + +cp /etc/httpd/conf.d/shib.conf /opt/tier-support/originalFiles 2>/dev/null +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) cp /etc/httpd/conf.d/shib.conf /opt/tier-support/originalFiles 2>/dev/null, result: $returnCode" + +cp /opt/tomee/conf/server.xml /opt/tier-support/originalFiles 2>/dev/null +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) cp /opt/tomee/conf/server.xml /opt/tier-support/originalFiles 2>/dev/null, result: $returnCode" + +cp /opt/tomee/conf/Catalina/localhost/grouper.xml /opt/tier-support/originalFiles 2>/dev/null +returnCode=$? 
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) cp /opt/tomee/conf/Catalina/localhost/grouper.xml /opt/tier-support/originalFiles 2>/dev/null, result: $returnCode" + +cp /opt/grouper/grouperWebapp/WEB-INF/web.xml /opt/tier-support/originalFiles 2>/dev/null +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) cp /opt/grouper/grouperWebapp/WEB-INF/web.xml /opt/tier-support/originalFiles 2>/dev/null, result: $returnCode" + +/opt/container_files/containerDockerfileInstallPermissions.sh tomcat root +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) /opt/container_files/containerDockerfileInstallPermissions.sh tomcat root, result: $returnCode" + diff --git a/container_files/containerDockerfileInstallGrouper.sh b/container_files/containerDockerfileInstallGrouper.sh new file mode 100644 index 00000000..58161654 --- /dev/null +++ b/container_files/containerDockerfileInstallGrouper.sh 
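Review bot: Every step in containerDockerfileInstall.sh stores `$?` in `returnCode` and only echoes it, and the script's last command is an `echo`, so it exits 0 whatever failed and the Dockerfile's `&&` chain cannot stop the build. The removed `RUN`/`COPY` instructions each aborted the build on error; now a failed `mv /opt/tier-support/log4j_fix/tomeeBin/log4j-* /opt/tomee/bin/` after the preceding `rm -f /opt/tomee/bin/log4j-*` would still produce a tagged image. For the steps that must succeed, follow each with `if [ $returnCode != 0 ]; then exit $returnCode; fi`, the form this commit already uses in librarySetupFiles.sh, and leave the `cp ... 2>/dev/null` backups best-effort as they were. The same pattern is in the containerDockerfileInstallGrouper.sh, containerDockerfileInstallJava.sh and containerDockerfileInstallPermissions.sh hunks.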
@@ -0,0 +1,36 @@ +#!/bin/bash + +# $1 ARG CORRETTO_URL_PERM=https://corretto.aws/downloads/latest/amazon-corretto-8-x64-linux-jdk.rpm +# $2 ARG CORRETTO_RPM=amazon-corretto-8-x64-linux-jdk.rpm +# $3 ARG JAVA_HOME=/usr/lib/jvm/java-1.8.0-amazon-corretto +# $4 ARG GROUPER_VERSION=2.6.14 + +mv /opt/container_files/tier-support /opt +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstallGrouper.sh) mv /opt/container_files/tier-support /opt, result: $returnCode" + +mkdir -p /opt/grouper/$GROUPER_VERSION +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstallGrouper.sh) , result: $returnCode" + +wget -q -O /opt/grouper/$GROUPER_VERSION/grouperInstaller.jar https://oss.sonatype.org/service/local/repositories/releases/content/edu/internet2/middleware/grouper/grouper-installer/$GROUPER_VERSION/grouper-installer-$GROUPER_VERSION.jar +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstallGrouper.sh) wget -q -O /opt/grouper/$GROUPER_VERSION/grouperInstaller.jar https://oss.sonatype.org/service/local/repositories/releases/content/edu/internet2/middleware/grouper/grouper-installer/$GROUPER_VERSION/grouper-installer-$GROUPER_VERSION.jar, result: $returnCode" + +mv /opt/container_files/grouper.installer.properties /opt/grouper/$GROUPER_VERSION +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstallGrouper.sh) mv /opt/container_files/grouper.installer.properties /opt/grouper/$GROUPER_VERSION, result: $returnCode" + +# Temporary morphString file used for building, not used in production +mv /opt/container_files/morphString.properties /opt/grouper/$GROUPER_VERSION +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstallGrouper.sh) mv /opt/container_files/morphString.properties /opt/grouper/$GROUPER_VERSION, result: $returnCode" + +cd /opt/grouper/$GROUPER_VERSION/ +returnCode=$? 
+echo "grouperDockerfile; INFO: (containerDockerfileInstallGrouper.sh) cd /opt/grouper/$GROUPER_VERSION/, result: $returnCode" + +$JAVA_HOME/bin/java -cp :grouperInstaller.jar edu.internet2.middleware.grouperInstaller.GrouperInstaller +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstallGrouper.sh) $JAVA_HOME/bin/java -cp :grouperInstaller.jar edu.internet2.middleware.grouperInstaller.GrouperInstaller, result: $returnCode" + diff --git a/container_files/containerDockerfileInstallJava.sh b/container_files/containerDockerfileInstallJava.sh new file mode 100644 index 00000000..f8ab88f7 --- /dev/null +++ b/container_files/containerDockerfileInstallJava.sh @@ -0,0 +1,27 @@ +#!/bin/bash + +# $1 ARG CORRETTO_URL_PERM=https://corretto.aws/downloads/latest/amazon-corretto-8-x64-linux-jdk.rpm +# $2 ARG CORRETTO_RPM=amazon-corretto-8-x64-linux-jdk.rpm +# $3 ARG JAVA_HOME=/usr/lib/jvm/java-1.8.0-amazon-corretto +# $4 ARG GROUPER_VERSION=2.6.14 + +curl -O -L $1 +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstallJava.sh) curl -O -L $1, result: $returnCode" + +rpm --import /opt/container_files/java-corretto/corretto-signing-key.pub +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstallJava.sh) rpm --import /opt/container_files/java-corretto/corretto-signing-key.pub corretto-signing-key.pub, result: $returnCode" + +rpm -K $2 +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstallJava.sh) rpm -K $2, result: $returnCode" + +rpm -i $2 +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstallJava.sh) rpm -i $2, result: $returnCode" + +rm -r $2 +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstallJava.sh) rm -r $2, result: $returnCode" + diff --git a/container_files/containerDockerfileInstallPermissions.sh b/container_files/containerDockerfileInstallPermissions.sh new file mode 100644 index 00000000..e704f983 --- /dev/null 
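Review bot: The installer jar fetched by `wget -q -O /opt/grouper/$GROUPER_VERSION/grouperInstaller.jar ...` is executed with `$JAVA_HOME/bin/java` a few lines later without any integrity check, and the `wget` result is only echoed. Pin the expected digest and stop on mismatch, e.g. `echo "<EXPECTED_SHA256>  /opt/grouper/$GROUPER_VERSION/grouperInstaller.jar" | sha256sum -c - || exit 1` (placeholder digest, to be taken from the release being built). The header documents `$3` and `$4` as JAVA_HOME and GROUPER_VERSION, but the body reads the `$JAVA_HOME` and `$GROUPER_VERSION` environment variables while containerDockerfileInstall.sh uses `$4`; one convention should be used in both. The log line after `mkdir -p` has an empty command text (`(containerDockerfileInstallGrouper.sh) , result:`).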
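Review bot: `rpm -K $2` in containerDockerfileInstallJava.sh no longer gates `rpm -i $2`: its result is only echoed, so an RPM that fails signature verification, or an HTTP error body saved by `curl -O -L $1` (no `--fail`), is still handed to `rpm -i`. The Dockerfile lines this script replaces chained import, check and install with `&&`. Make the three steps fatal, for example `curl -f -O -L "$1" || exit 1`, `rpm --import /opt/container_files/java-corretto/corretto-signing-key.pub || exit 1` and `rpm -K "$2" || exit 1`. The download URL points at `latest`, so the signature check is the only thing tying the installed JDK to the vendor key.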
+++ b/container_files/containerDockerfileInstallPermissions.sh 
@@ -0,0 +1,91 @@ +#!/bin/bash + +if [ $# -lt 2 ]; then + echo 'pass in user and group, e.g. /opt/container_files/containerDockerfileInstallPermissions.sh tomcat root' + exit 1 +fi + +user=$1 +group=$2 + +lines=$(find /opt/container_files/ /opt/grouper/ /opt/tier/ /opt/tier-support/ /opt/tomee/ /etc/httpd/conf/ /home/tomcat/ /usr/local/bin /etc/httpd/conf.d/ /usr/lib/jvm/java/jre/lib/security/cacerts ! -user $user -print | wc -l) +if [ $lines -ne 0 ]; then + chown $user:$group $(find /opt/container_files/ /opt/grouper/ /opt/tier/ /opt/tier-support/ /opt/tomee/ /etc/httpd/conf/ /home/tomcat/ /usr/local/bin /etc/httpd/conf.d/ /usr/lib/jvm/java/jre/lib/security/cacerts ! -user $user -print) + returnCode=$? + echo "grouperDockerfile; INFO: (containerDockerfileInstallPermissions.sh) chown $user:$group \$(find /opt/container_files/ /opt/grouper/ /opt/tier/ /opt/tier-support/ /opt/tomee/ /etc/httpd/conf/ /home/tomcat/ /usr/local/bin /etc/httpd/conf.d/ /usr/lib/jvm/java/jre/lib/security/cacerts ! -user $user -print), result: $returnCode" +fi + +lines=$(find /opt/container_files/ /opt/grouper/ /opt/tier/ /opt/tier-support/ /opt/tomee/ /etc/httpd/conf/ /home/tomcat/ /usr/local/bin /etc/httpd/conf.d/ /usr/lib/jvm/java/jre/lib/security/cacerts ! -group $group -print | wc -l) +if [ $lines -ne 0 ]; then + chown $user:$group $(find /opt/container_files/ /opt/grouper/ /opt/tier/ /opt/tier-support/ /opt/tomee/ /etc/httpd/conf/ /home/tomcat/ /usr/local/bin /etc/httpd/conf.d/ /usr/lib/jvm/java/jre/lib/security/cacerts ! -group $group -print) + returnCode=$? + echo "grouperDockerfile; INFO: (containerDockerfileInstallPermissions.sh) chown $user:$group \$(find /opt/container_files/ /opt/grouper/ /opt/tier/ /opt/tier-support/ /opt/tomee/ /etc/httpd/conf/ /home/tomcat/ /usr/local/bin /etc/httpd/conf.d/ /usr/lib/jvm/java/jre/lib/security/cacerts ! 
-group $group -print), result: $returnCode" +fi + +lines=$(find /opt/container_files/ /opt/grouper/ /opt/tier/ /opt/tier-support/ /opt/tomee/ /etc/httpd/conf/ /home/tomcat/ /usr/local/bin /etc/httpd/conf.d/ -type d ! -perm -g+rws | wc -l) +if [ $lines -ne 0 ]; then + chmod g+rws $(find /opt/container_files/ /opt/grouper/ /opt/tier/ /opt/tier-support/ /opt/tomee/ /etc/httpd/conf/ /home/tomcat/ /usr/local/bin /etc/httpd/conf.d/ -type d ! -perm -g+rws) + returnCode=$? + echo "grouperDockerfile; INFO: (containerDockerfileInstallPermissions.sh) chmod g+rws \$(find /opt/container_files/ /opt/grouper/ /opt/tier/ /opt/tier-support/ /opt/tomee/ /etc/httpd/conf/ /home/tomcat/ /usr/local/bin /etc/httpd/conf.d/ -type d ! -perm -g+rws ), result: $returnCode" +fi + +lines=$(find /opt/container_files/ /opt/grouper/ /opt/tier/ /opt/tier-support/ /opt/tomee/ /etc/httpd/conf/ /home/tomcat/ /usr/local/bin /etc/httpd/conf.d/ /usr/lib/jvm/java/jre/lib/security/cacerts -type f ! -perm -g+rw | wc -l) +if [ $lines -ne 0 ]; then + chmod g+rw $(find /opt/container_files/ /opt/grouper/ /opt/tier/ /opt/tier-support/ /opt/tomee/ /etc/httpd/conf/ /home/tomcat/ /usr/local/bin /etc/httpd/conf.d/ /usr/lib/jvm/java/jre/lib/security/cacerts -type f ! -perm -g+rw) + returnCode=$? + echo "grouperDockerfile; INFO: (containerDockerfileInstallPermissions.sh) chmod g+rw \$(find /opt/container_files/ /opt/grouper/ /opt/tier/ /opt/tier-support/ /opt/tomee/ /etc/httpd/conf/ /home/tomcat/ /usr/local/bin /etc/httpd/conf.d/ /usr/lib/jvm/java/jre/lib/security/cacerts -type f ! 
-perm -g+rw ), result: $returnCode" +fi + +lines=$(find /opt/container_files/ /opt/grouper/ /opt/tier/ /opt/tier-support/ /opt/tomee/ /etc/httpd/conf/ /home/tomcat/ /usr/local/bin /etc/httpd/conf.d/ /usr/lib/jvm/java/jre/lib/security/cacerts -perm -o+w | wc -l) +if [ $lines -ne 0 ]; then + chmod o-w $(find /opt/container_files/ /opt/grouper/ /opt/tier/ /opt/tier-support/ /opt/tomee/ /etc/httpd/conf/ /home/tomcat/ /usr/local/bin /etc/httpd/conf.d/ /usr/lib/jvm/java/jre/lib/security/cacerts -perm -o+w) + returnCode=$? + echo "grouperDockerfile; INFO: (containerDockerfileInstallPermissions.sh) chmod o-w \$(find /opt/container_files/ /opt/grouper/ /opt/tier/ /opt/tier-support/ /opt/tomee/ /etc/httpd/conf/ /home/tomcat/ /usr/local/bin /etc/httpd/conf.d/ /usr/lib/jvm/java/jre/lib/security/cacerts -perm -o+w ), result: $returnCode" +fi + +lines=$(find /opt/container_files/ /opt/grouper/ /opt/tier/ /opt/tier-support/ /opt/tomee/ /etc/httpd/conf/ /home/tomcat/ /etc/httpd/conf.d/ -type f -name "*.sh" ! -perm -g+x | wc -l) +if [ $lines -ne 0 ]; then + chmod +x $(find /opt/container_files/ /opt/grouper/ /opt/tier/ /opt/tier-support/ /opt/tomee/ /etc/httpd/conf/ /home/tomcat/ /etc/httpd/conf.d/ -type f -name "*.sh" ! -perm -g+x) + returnCode=$? + echo "grouperDockerfile; INFO: (containerDockerfileInstallPermissions.sh) chmod +x \$(find /opt/container_files/ /opt/grouper/ /opt/tier/ /opt/tier-support/ /opt/tomee/ /etc/httpd/conf/ /home/tomcat/ /etc/httpd/conf.d/ -type f -name \"*.sh\" ! -perm -g+x), result: $returnCode" +fi + +lines=$(find /opt/container_files/ /opt/grouper/ /opt/tier/ /opt/tier-support/ /opt/tomee/ /etc/httpd/conf/ /home/tomcat/ /etc/httpd/conf.d/ -type f -name "*.sh" ! -perm -u+x | wc -l) +if [ $lines -ne 0 ]; then + chmod +x $(find /opt/container_files/ /opt/grouper/ /opt/tier/ /opt/tier-support/ /opt/tomee/ /etc/httpd/conf/ /home/tomcat/ /etc/httpd/conf.d/ -type f -name "*.sh" ! -perm -u+x) + returnCode=$? 
+ echo "grouperDockerfile; INFO: (containerDockerfileInstallPermissions.sh) chmod +x \$(find /opt/container_files/ /opt/grouper/ /opt/tier/ /opt/tier-support/ /opt/tomee/ /etc/httpd/conf/ /home/tomcat/ /etc/httpd/conf.d/ -type f -name \"*.sh\" ! -perm -u+x), result: $returnCode" +fi + +lines=$(find /opt/container_files/ /opt/grouper/ /opt/tier/ /opt/tier-support/ /opt/tomee/ /etc/httpd/conf/ /home/tomcat/ /etc/httpd/conf.d/ -type f -name "*.sh" ! -perm -o+x | wc -l) +if [ $lines -ne 0 ]; then + chmod +x $(find /opt/container_files/ /opt/grouper/ /opt/tier/ /opt/tier-support/ /opt/tomee/ /etc/httpd/conf/ /home/tomcat/ /etc/httpd/conf.d/ -type f -name "*.sh" ! -perm -o+x) + returnCode=$? + echo "grouperDockerfile; INFO: (containerDockerfileInstallPermissions.sh) chmod +x \$(find /opt/container_files/ /opt/grouper/ /opt/tier/ /opt/tier-support/ /opt/tomee/ /etc/httpd/conf/ /home/tomcat/ /etc/httpd/conf.d/ -type f -name \"*.sh\" ! -perm -o+x), result: $returnCode" +fi + +find /usr/local/bin/ -type f -print0 | xargs -0 dos2unix +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstallPermissions.sh) find /usr/local/bin/ -type f -print0 | xargs -0 dos2unix, result: $returnCode" + +lines=$(find /usr/local/bin -type f ! -perm -g+x | wc -l) +if [ $lines -ne 0 ]; then + chmod +x $(find /usr/local/bin -type f ! -perm -g+x) + returnCode=$? + echo "grouperDockerfile; INFO: (containerDockerfileInstallPermissions.sh) chmod +x \$(find /usr/local/bin -type f ! -perm -g+x), result: $returnCode" +fi + +lines=$(find /usr/local/bin -type f ! -perm -o+x | wc -l) +if [ $lines -ne 0 ]; then + chmod +x $(find /usr/local/bin -type f ! -perm -o+x) + returnCode=$? + echo "grouperDockerfile; INFO: (containerDockerfileInstallPermissions.sh) chmod +x \$(find /usr/local/bin -type f ! -perm -o+x), result: $returnCode" +fi + + +lines=$(find /usr/local/bin -type f ! -perm -u+x | wc -l) +if [ $lines -ne 0 ]; then + chmod +x $(find /usr/local/bin -type f ! -perm -u+x) + returnCode=$? 
+ echo "grouperDockerfile; INFO: (containerDockerfileInstallPermissions.sh) chmod +x \$(find /usr/local/bin -type f ! -perm -u+x), result: $returnCode" +fi diff --git a/container_files/tier-support/test/docker-compose.yaml.txt b/container_files/tier-support/test/docker-compose.yaml.txt new file mode 100644 index 00000000..7dcec8d0 --- /dev/null +++ b/container_files/tier-support/test/docker-compose.yaml.txt @@ -0,0 +1,26 @@ +version: '3' +services: + postgres: + image: "postgres:14" + restart: always + ports: + - '5432:5432' + environment: + - POSTGRES_USER=postgres + - POSTGRES_PASSWORD=pass + grouper: + # i2incommon/grouper:2.6.4 + image: "IMAGE_VERSION" + restart: always + ports: + - '443:443' + command: + - quickstart + environment: + - GROUPERSYSTEM_QUICKSTART_PASS=thisPassIsCopyrightedDontUse + - GROUPER_MORPHSTRING_ENCRYPT_KEY=abcdefg12345dontUseThis + - GROUPER_DATABASE_PASSWORD=pass + - GROUPER_DATABASE_USERNAME=postgres + - GROUPER_DATABASE_URL=jdbc:postgresql://postgres:5432/postgres + - GROUPER_AUTO_DDL_UPTOVERSION=v2.6.* + - GROUPER_RUN_HSQLDB=false \ No newline at end of file diff --git a/container_files/tier-support/test/grouperContainerUnitTestQuickstart.sh b/container_files/tier-support/test/grouperContainerUnitTestQuickstart.sh index 27c74f77..393af457 100644 --- a/container_files/tier-support/test/grouperContainerUnitTestQuickstart.sh +++ b/container_files/tier-support/test/grouperContainerUnitTestQuickstart.sh 
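Review bot: The `chmod g+rws` and `chmod g+rw` blocks make `/usr/local/bin`, `/etc/httpd/conf.d/` and the JVM `cacerts` trust store writable by the group passed as `$2`, which every caller in this commit sets to `root`. Any process running with gid 0 can then modify the entrypoint scripts or the set of trusted CAs; if that is required for arbitrary-uid platforms (the removed Dockerfile comment mentioned OpenShift), state it in a header comment such as `# group write is needed because the container may run as an arbitrary uid in gid 0`, and otherwise drop those paths from the write lists. The `$(find ...)` expansions are unquoted and split on whitespace in file names; `find ... ! -user "$user" -exec chown "$user:$group" {} +` avoids that and the separate `wc -l` pass.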
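Review bot: The `postgres` service publishes `'5432:5432'` on all host interfaces with `POSTGRES_PASSWORD=pass`, and `restart: always` keeps it running if `docker-compose down` is never reached. The `grouper` service reaches the database at `postgres:5432` over the compose network, so the host mapping looks unnecessary; drop the `ports:` entry or bind it to loopback with `- '127.0.0.1:5432:5432'`. The same applies to `'443:443'` if the tests only connect from the local host (`- '127.0.0.1:443:443'`).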
@@ -12,12 +12,14 @@ testContainerQuickstart() { echo echo '################' echo Running container as quickstart - echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_MORPHSTRING_ENCRYPT_KEY=abcdefg12345dontUseThis \ " - echo "-e GROUPERSYSTEM_QUICKSTART_PASS=thisPassIsCopyrightedDontUse $imageName quickstart" + echo "docker-compose up" echo '################' echo - docker run --detach --name $containerName --publish 443:443 -e GROUPER_MORPHSTRING_ENCRYPT_KEY=abcdefg12345dontUseThis -e GROUPERSYSTEM_QUICKSTART_PASS=thisPassIsCopyrightedDontUse $imageName quickstart + cp docker-compose.yaml.txt docker-compose.yaml + sed -i "s|IMAGE_VERSION|$imageName|g" docker-compose.yaml + + docker-compose up sleep $globalSleepSecondsAfterRun assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libWs/axis2-kernel-1.6.4.jar @@ -145,5 +147,7 @@ testContainerQuickstart() { containerCommandResultEquals "ps -ef | grep root | grep awk | grep httpd | wc -l" 1 containerCommandResultEquals "ps -ef | grep root | grep awk | grep tomee | wc -l" 1 + docker-compose down + rm docker-compose.yaml } export -f testContainerQuickstart diff --git a/container_files/tier-support/test/testContainer.Dockerfile b/container_files/tier-support/test/testContainer.Dockerfile index 27001cff..ccc4dd9b 100644 --- a/container_files/tier-support/test/testContainer.Dockerfile +++ b/container_files/tier-support/test/testContainer.Dockerfile 
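Review bot: `docker-compose up` in the first hunk runs attached and, with `restart: always` in the compose file, does not return, so `sleep $globalSleepSecondsAfterRun` and the assertions after it would not be reached; the replaced command used `--detach`, and the equivalent here is `docker-compose up --detach`. The compose file sets no `container_name`, so if the assertion helpers (not visible in this hunk) address the container as `$containerName`, they will presumably no longer find it unless that name is templated in the same way as `IMAGE_VERSION`. In the second hunk, `docker-compose down` and `rm docker-compose.yaml` run only when the function reaches its last line; if an assertion exits early, the stack stays up with ports 443 and 5432 published, so a `trap` or an unconditional cleanup step would be safer. The body of `testContainerQuickstart` extends beyond both hunks.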
@@ -1,11 +1,10 @@ # this matches the version you decided on from release notes -ARG GROUPER_VERSION=2.5.XX +ARG GROUPER_VERSION=__BASE_CONTAINER__ # --build-arg GROUPER_VERSION=${VARIABLE_NAME} i2incommon/grouper:${GROUPER_VERSION} -FROM i2incommon/grouper:2.5.XX +FROM i2incommon/grouper:__BASE_CONTAINER__ # this will overlay all the files from /opt/grouperContainer/slashRoot on to / COPY slashRoot / -RUN chown -R tomcat:root /opt/grouper \ - && chown -R tomcat:root /opt/tomee \ No newline at end of file +RUN /opt/container_files/containerDockerfileInstallPermissions.sh tomcat root \ No newline at end of file diff --git a/container_files/usr-local-bin/librarySetupFiles.sh b/container_files/usr-local-bin/librarySetupFiles.sh index cd3e244d..ad1a33e7 100644 --- a/container_files/usr-local-bin/librarySetupFiles.sh +++ b/container_files/usr-local-bin/librarySetupFiles.sh @@ -78,15 +78,10 @@ setupFiles_chownDirs() { # do this last if [ "$GROUPER_CHOWN_DIRS" = "true" ] then - chown tomcat:root /opt/grouper /opt/tomee + /opt/container_files/containerDockerfileInstallPermissions.sh tomcat root returnCode=$? - echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_chownDirs) chown tomcat:root /opt/grouper /opt/tomee, result: $returnCode" - - chown -R tomcat:root $(find /opt/grouper /opt/tomee ! -user tomcat -o ! -group root -print) - returnCode=$? - echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_chownDirs) chown -R tomcat:root \$(find /opt/grouper /opt/tomee ! -user tomcat -o ! -group root -print), result: $returnCode" - # dont fail on chown - #if [ $returnCode != 0 ]; then exit $returnCode; fi + echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_chownDirs) /opt/container_files/containerDockerfileInstallPermissions.sh tomcat root, result: $returnCode" + if [ $returnCode != 0 ]; then exit $returnCode; fi fi }
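Review bot: `ARG GROUPER_VERSION=__BASE_CONTAINER__` is declared, but the `FROM` line repeats the placeholder literally, so the `--build-arg GROUPER_VERSION=...` described in the comment has no effect on which base image is pulled; `FROM i2incommon/grouper:${GROUPER_VERSION}` would let the argument drive the tag and leave a single placeholder to substitute. The file ends after the `RUN` with no `USER` instruction, so the image runs as whatever user the base image leaves active, which is not visible here and is worth confirming. A short comment above the `RUN`, for example `# re-apply ownership and exec bits to the files overlaid from slashRoot`, would explain why the permissions script runs again after `COPY slashRoot /`.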
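Review bot: The added `if [ $returnCode != 0 ]; then exit $returnCode; fi` in the `librarySetupFiles.sh` hunk reverses the removed `# dont fail on chown` decision, so a container started with `GROUPER_CHOWN_DIRS=true` under a user that cannot change ownership would presumably now abort at startup instead of continuing. The script it calls also does more than the two `chown` commands it replaces: the part of it visible in this patch runs `dos2unix` over `/usr/local/bin/` and `chmod +x` over several trees, so that work now happens at every such container start. If the hard failure is intended, say so in a comment where the old one stood, e.g. `# fail startup if ownership/permissions cannot be applied`; otherwise keep it best-effort by logging `$returnCode` without exiting. `setupFiles_chownDirs` begins before this hunk.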