diff --git a/Dockerfile b/Dockerfile index 387a76cf..f9e820a2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -77,13 +77,13 @@ RUN groupadd -r tomcat \ && chown -R tomcat:tomcat /opt/tomee \ && ln -s $JAVA_HOME/bin/java /etc/alternatives/java \ && mkdir -p /opt/tomee/conf/Catalina/localhost/ \ - && chown -R tomcat:tomcat /opt/grouper/grouperWebapp \ + && chown -R tomcat:tomcat /opt/grouper \ && mkdir /opt/hsqldb \ && chown tomcat:tomcat /opt/hsqldb - COPY container_files/tier-support/ /opt/tier-support/ COPY container_files/usr-local-bin/ /usr/local/bin/ +RUN chmod +x /usr/local/bin/*.sh COPY container_files/httpd/* /etc/httpd/conf.d/ COPY container_files/shibboleth/* /etc/shibboleth/ RUN cp /dev/null /etc/httpd/conf.d/ssl.conf diff --git a/container_files/tier-support/test/grouperContainerUnitTest.sh b/container_files/tier-support/test/grouperContainerUnitTest.sh index 5697897d..f1dfce8d 100644 --- a/container_files/tier-support/test/grouperContainerUnitTest.sh +++ b/container_files/tier-support/test/grouperContainerUnitTest.sh @@ -5,7 +5,7 @@ if [ "$#" -ne 3 ]; then exit 1 fi -expectedSuccesses=412 +expectedSuccesses=521 export containerName=$1 export imageName=$2 @@ -27,6 +27,8 @@ export failureCount=0 . ./grouperContainerUnitTestScim.sh . ./grouperContainerUnitTestWs.sh . ./grouperContainerUnitTestQuickstart.sh +. ./grouperContainerUnitTestUiSubimage.sh +. ./grouperContainerUnitTestUiSubimageNonroot.sh testContainerUi @@ -38,8 +40,12 @@ testContainerScim testContainerWs testContainerQuickstart testContainerDaemon +testContainerUiSubimage +testContainerUiSubimageNonroot dockerRemoveContainer +dockerRemoveSubimage + echo "" echo "$successCount successes, $failureCount failures" if [ "$successCount" = "$expectedSuccesses" ] && [ "$failureCount" = "0" ] ; then 
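Review bot: Widening the `chown -R tomcat:tomcat` target from `/opt/grouper/grouperWebapp` to all of `/opt/grouper` in the `RUN groupadd` step makes the runtime account the owner of everything under that tree, so a compromised web application could rewrite any script or library stored there. If the aim is only to let a non-root container write generated files such as `grouperEnv.sh` (an inference from the librarySetupFiles.sh change), keep the tree root-owned and hand tomcat just the directories that must be writable. Whichever is chosen, record the reason in a comment above the step, e.g. `# tomcat owns /opt/grouper so the non-root container mode can write grouperEnv.sh there`. The added `RUN chmod +x /usr/local/bin/*.sh` costs an extra layer; committing the scripts with the executable bit, as changeGid.sh and changeUid.sh already are (mode 100755), would make it unnecessary. The RUN step begins above the hunk.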
@@ -57,6 +63,8 @@ unset -f globalSleepSecondsAfterRun unset -f testContainerQuickstart unset -f testContainerDaemon unset -f testContainerUi +unset -f testContainerUiSubimage +unset -f testContainerUiSubimageNonroot unset -f testContainerUiNoSsl unset -f testContainerUiDifferentPorts unset -f testContainerSlashRoot diff --git a/container_files/tier-support/test/grouperContainerUnitTestLibrary.sh b/container_files/tier-support/test/grouperContainerUnitTestLibrary.sh index db90535f..f3269692 100644 --- a/container_files/tier-support/test/grouperContainerUnitTestLibrary.sh +++ b/container_files/tier-support/test/grouperContainerUnitTestLibrary.sh @@ -11,6 +11,19 @@ dockerRemoveContainer() { fi } +dockerRemoveSubimage() { + if [ "$#" -ne 0 ]; then + echo "You must enter exactly 0 arguments" + exit 1 + fi + subimageId="my_$containerName" + subimageName="$subimageId:latest" + if [ "$(docker images | grep $subimageId)" ] + then + docker rmi -f $subimageName + fi +} + # pass in string description, expected value, actual value assertEquals() { if [ "$#" -ne 3 ]; then @@ -230,6 +243,7 @@ grouperContainerUnitTestLibrary_unsetAll() { unset -f assertNumberOfShibProcesses unset -f assertNumberOfTomcatProcesses unset -f dockerRemoveContainer + unset -f dockerRemoveSubimage unset -f grouperContainerUnitTestLibrary_unsetAll unset -f runCommand } @@ -250,6 +264,7 @@ grouperContainerUnitTestLibrary_exportAll() { export -f assertNumberOfShibProcesses export -f assertNumberOfTomcatProcesses export -f dockerRemoveContainer + export -f dockerRemoveSubimage export -f grouperContainerUnitTestLibrary_unsetAll export -f runCommand } diff --git a/container_files/tier-support/test/grouperContainerUnitTestUiSubimage.sh b/container_files/tier-support/test/grouperContainerUnitTestUiSubimage.sh new file mode 100644 index 00000000..82e58052 --- /dev/null +++ b/container_files/tier-support/test/grouperContainerUnitTestUiSubimage.sh 
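Review bot: In the new `dockerRemoveSubimage`, `grep $subimageId` and `docker rmi -f $subimageName` expand unquoted, and the grep is a substring match over the whole `docker images` table. A container name with spaces or glob characters therefore splits into several arguments, and any other image whose name merely contains `my_$containerName` makes the check true. Asking Docker for the exact reference avoids both: `if [ -n "$(docker images -q "$subimageName")" ]; then docker rmi -f "$subimageName"; fi`. `subimageId` and `subimageName` are also assigned without `local`, so they leak into the shell that sources the library.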
@@ -0,0 +1,108 @@
+#!/bin/bash
+
+testContainerUiSubimage() {
+
+ if [ "$#" -ne 0 ]; then
+ echo "You must enter exactly 0 command line arguments"
+ exit 1
+ fi
+
+ dockerRemoveContainer
+ dockerRemoveSubimage
+
+ subimageId="my_$containerName"
+ subimageName="$subimageId:latest"
+
+ echo "" > Dockerfile
+ echo "FROM $imageName" >> Dockerfile
+ echo "ENV GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES 1.1.1.1/32" >> Dockerfile
+ echo "" >> Dockerfile
+
+ echo
+ echo '################'
+ echo Running container with subimage as ui
+ echo cat DockerFile
+ cat Dockerfile
+ echo "docker build -t $subimageId ."
+ echo "docker run --detach --name $containerName --publish 443:443 $subimageId ui"
+ echo '################'
+ echo
+
+ docker build -t "$subimageId" .
+
+ docker run --detach --name $containerName --publish 443:443 $subimageId ui
+ sleep $globalSleepSecondsAfterRun
+
+ assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libWs/axis2-kernel-1.6.4.jar
+ assertFileNotExists /opt/grouper/grouperWebapp/WEB-INF/lib/axis2-kernel-1.6.4.jar
+ assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libScim/stax-api-1.0-2.jar
+ assertFileNotExists /opt/grouper/grouperWebapp/WEB-INF/lib/stax-api-1.0-2.jar
+ assertFileExists /opt/grouper/grouperWebapp/WEB-INF/lib/grouper-messaging-activemq-2.5.27.jar
+ assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libUiAndDaemon/grouper-messaging-activemq-2.5.27.jar
+
+ assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "Listen 443 https"
+ assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "__"
+ assertFileContains /etc/httpd/conf/httpd.conf "Listen 80"
+ assertFileContains /opt/tier-support/supervisord.conf "program:shibbolethsp"
+ assertFileContains /opt/tier-support/supervisord.conf "program:tomee"
+ assertFileContains /opt/tier-support/supervisord.conf "program:httpd"
+ assertFileContains /opt/tier-support/supervisord.conf "user=shibd"
+ assertFileNotContains /opt/tier-support/supervisord.conf "program:hsqldb"
+ assertFileNotContains /opt/tier-support/supervisord.conf "__"
+ assertFileContains /etc/httpd/conf.d/ssl-enabled.conf cachain.pem
+ assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf /etc/pki/tls/certs/localhost.crt
+
+ assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j.properties "/tmp/logpipe"
+ assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j.properties "grouper-ui;"
+
+ assertFileNotContains /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties grouperPasswordConfigOverride_UI_GrouperSystem_pass.elConfig
+ assertFileNotContains /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties thisPassIsCopyrightedDontUse
+
+ assertFileContains /etc/httpd/conf.d/grouper-www.conf "3600"
+ assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "__"
+
+ assertEnvVar GROUPERSCIM_PROXY_PASS "#"
+ assertEnvVar GROUPERSCIM_URL_CONTEXT "grouper-ws-scim"
+ assertEnvVar GROUPERWS_PROXY_PASS "#"
+ assertEnvVar GROUPERWS_URL_CONTEXT "grouper-ws"
+ assertEnvVar GROUPER_APACHE_AJP_TIMEOUT_SECONDS "3600"
+ assertEnvVar GROUPER_APACHE_NONSSL_PORT "80"
+ assertEnvVar GROUPER_APACHE_SSL_PORT "443"
+ assertEnvVar GROUPER_CHOWN_DIRS "true"
+ assertEnvVar GROUPER_CONTAINER_VERSION "$containerVersion"
+ assertEnvVar GROUPER_DAEMON "false"
+ assertEnvVar GROUPER_GSH_CHECK_USER "true"
+ assertEnvVar GROUPER_GSH_USER "tomcat"
+ assertEnvVar GROUPER_HOME "/opt/grouper/grouperWebapp/WEB-INF"
+ assertEnvVar GROUPER_LOG_PREFIX "grouper-ui"
+ assertEnvVar GROUPER_MAX_MEMORY "1500m"
+ assertEnvVar GROUPER_PROXY_PASS ""
+ assertEnvVar GROUPER_RUN_APACHE "true"
+ assertEnvVar GROUPER_RUN_PROCESSES_AS_USERS "true"
+ assertEnvVar GROUPER_RUN_SHIB_SP "true"
+ assertEnvVar GROUPER_RUN_TOMEE "true"
+ assertEnvVar GROUPER_SCIM "false"
+ assertEnvVar GROUPER_SCIM_GROUPER_AUTH "false"
+ assertEnvVar GROUPER_TOMCAT_CONTEXT "grouper"
+ assertEnvVar GROUPER_UI "true"
+ assertEnvVar GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES "1.1.1.1/32"
+ assertEnvVar GROUPER_UI_GROUPER_AUTH "false"
+ assertEnvVar GROUPER_UI_ONLY "true"
+ assertEnvVar GROUPER_URL_CONTEXT "grouper"
+ assertEnvVar GROUPER_USE_SSL "true"
+ assertEnvVar GROUPER_WS "false"
+ assertEnvVar GROUPER_WS_GROUPER_AUTH "false"
+
+ assertNumberOfTomcatProcesses 1
+ # bad cert apache wont start
+ assertNumberOfApacheProcesses 0
+ assertNumberOfShibProcesses 1
+
+ assertNotListeningOnPort 443
+ assertNotListeningOnPort 80
+ assertListeningOnPort 8009
+ assertNotListeningOnPort 9001
+
+
+}
+export -f testContainerUiSubimage
diff --git a/container_files/tier-support/test/grouperContainerUnitTestUiSubimageNonroot.sh b/container_files/tier-support/test/grouperContainerUnitTestUiSubimageNonroot.sh
new file mode 100644
index 00000000..4ff2f451
--- /dev/null
+++ b/container_files/tier-support/test/grouperContainerUnitTestUiSubimageNonroot.sh
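Review bot: `testContainerUiSubimage` writes its generated file to `./Dockerfile` and then runs `docker build -t "$subimageId" .`, which overwrites any Dockerfile already in the caller's working directory, sends that whole directory to the daemon as build context, and leaves the file behind afterwards; `testContainerUiSubimageNonroot` in the next file does the same. A private build directory keeps the test self-contained: `buildDir="$(mktemp -d)"`, write to `"$buildDir/Dockerfile"`, then `docker build -t "$subimageId" "$buildDir" || exit 1`. The `|| exit 1` matters because the result of the build is currently ignored and the assertions would then run against a container that never started. The `docker run` line should quote `"$containerName"` and `"$subimageId"` the way the build line already does.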
@@ -0,0 +1,93 @@
+#!/bin/bash
+
+testContainerUiSubimageNonroot() {
+
+ if [ "$#" -ne 0 ]; then
+ echo "You must enter exactly 0 command line arguments"
+ exit 1
+ fi
+
+ dockerRemoveContainer
+ dockerRemoveSubimage
+
+ subimageId="my_$containerName"
+ subimageName="$subimageId:latest"
+ myId="$(id -u)"
+
+ echo "" > Dockerfile
+ echo "FROM $imageName" >> Dockerfile
+ echo "RUN /usr/local/bin/changeUid.sh tomcat $myId" >> Dockerfile
+ echo "" >> Dockerfile
+
+ echo
+ echo '################'
+ echo Running container with subimage as ui without root
+ echo cat DockerFile
+ cat Dockerfile
+ echo "docker build -t $subimageId ."
+ echo "docker run --detach --name $containerName -u $myId -e GROUPER_RUN_TOMCAT_NOT_SUPERVISOR=true --publish 8080:8080 $subimageId ui"
+ echo '################'
+ echo
+
+ docker build -t "$subimageId" .
+
+ docker run --detach --name $containerName -u $myId -e GROUPER_RUN_TOMCAT_NOT_SUPERVISOR=true --publish 8080:8080 $subimageId ui
+ sleep $globalSleepSecondsAfterRun
+
+ assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libWs/axis2-kernel-1.6.4.jar
+ assertFileNotExists /opt/grouper/grouperWebapp/WEB-INF/lib/axis2-kernel-1.6.4.jar
+ assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libScim/stax-api-1.0-2.jar
+ assertFileNotExists /opt/grouper/grouperWebapp/WEB-INF/lib/stax-api-1.0-2.jar
+ assertFileExists /opt/grouper/grouperWebapp/WEB-INF/lib/grouper-messaging-activemq-2.5.27.jar
+ assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libUiAndDaemon/grouper-messaging-activemq-2.5.27.jar
+
+ assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j.properties "/tmp/logpipe"
+ assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j.properties "grouper-ui;"
+
+ assertFileNotContains /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties grouperPasswordConfigOverride_UI_GrouperSystem_pass.elConfig
+ assertFileNotContains /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties thisPassIsCopyrightedDontUse
+
+ assertEnvVar GROUPERSCIM_PROXY_PASS "#"
+ assertEnvVar GROUPERSCIM_URL_CONTEXT "grouper-ws-scim"
+ assertEnvVar GROUPERWS_PROXY_PASS "#"
+ assertEnvVar GROUPERWS_URL_CONTEXT "grouper-ws"
+ assertEnvVar GROUPER_APACHE_AJP_TIMEOUT_SECONDS "3600"
+ assertEnvVar GROUPER_APACHE_NONSSL_PORT "80"
+ assertEnvVar GROUPER_APACHE_SSL_PORT "443"
+ assertEnvVar GROUPER_CHOWN_DIRS "true"
+ assertEnvVar GROUPER_CONTAINER_VERSION "$containerVersion"
+ assertEnvVar GROUPER_DAEMON "false"
+ assertEnvVar GROUPER_GSH_CHECK_USER "true"
+ assertEnvVar GROUPER_GSH_USER "tomcat"
+ assertEnvVar GROUPER_HOME "/opt/grouper/grouperWebapp/WEB-INF"
+ assertEnvVar GROUPER_LOG_PREFIX "grouper-ui"
+ assertEnvVar GROUPER_MAX_MEMORY "1500m"
+ assertEnvVar GROUPER_PROXY_PASS ""
+ assertEnvVarNot GROUPER_RUN_APACHE "true"
+ assertEnvVar GROUPER_RUN_PROCESSES_AS_USERS "true"
+ assertEnvVarNot GROUPER_RUN_SHIB_SP "true"
+ assertEnvVar GROUPER_RUN_TOMEE "true"
+ assertEnvVar GROUPER_SCIM "false"
+ assertEnvVar GROUPER_SCIM_GROUPER_AUTH "false"
+ assertEnvVar GROUPER_TOMCAT_CONTEXT "grouper"
+ assertEnvVar GROUPER_UI "true"
+ assertEnvVar GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES "127.0.0.1/32"
+ assertEnvVar GROUPER_UI_GROUPER_AUTH "false"
+ assertEnvVar GROUPER_UI_ONLY "true"
+ assertEnvVar GROUPER_URL_CONTEXT "grouper"
+ assertEnvVar GROUPER_USE_SSL "true"
+ assertEnvVar GROUPER_WS "false"
+ assertEnvVar GROUPER_WS_GROUPER_AUTH "false"
+
+ assertNumberOfTomcatProcesses 13
+ # bad cert apache wont start
+ assertNumberOfApacheProcesses 0
+ assertNumberOfShibProcesses 0
+
+ assertNotListeningOnPort 443
+ assertNotListeningOnPort 80
+ assertListeningOnPort 8009
+ assertNotListeningOnPort 9001
+
+}
+export -f testContainerUiSubimageNonroot
diff --git a/container_files/usr-local-bin/changeGid.sh b/container_files/usr-local-bin/changeGid.sh
new file mode 100755
index 00000000..69b22caf
--- /dev/null
+++ b/container_files/usr-local-bin/changeGid.sh
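Review bot: `myId="$(id -u)"` is taken from whoever runs the suite, so when the tests are started as root the generated `RUN /usr/local/bin/changeUid.sh tomcat $myId` and the `docker run ... -u $myId` both use uid 0 and the test no longer exercises a non-root container. A guard right after the assignment makes the precondition explicit: `[ "$myId" -ne 0 ] || { echo "testContainerUiSubimageNonroot must be run as a non-root user"; exit 1; }`. The `# bad cert apache wont start` comment was carried over from the root variant; here `assertEnvVarNot GROUPER_RUN_APACHE "true"` suggests Apache is simply not started, so `# apache is not started in this mode` would be accurate. `assertNumberOfTomcatProcesses 13` also needs a comment saying what the 13 processes are, since the root variant expects 1.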
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+if [[ $EUID -ne 0 ]]; then
+ echo "This script must be run as root"
+ exit 1
+fi
+if [ "$#" -ne 2 ]; then
+ echo "You must enter exactly 2 command line arguments: groupname, and gid to change to"
+ exit 1
+fi
+groupname=$1
+newGid=$2
+getentOutput="$(getent group "$groupname")"
+oldGid="$( echo "$getentOutput" |cut -d\: -f3 )"
+groupmod -g "$newGid" "$groupname"
+find / -xdev -type d -group "$oldGid" -exec chgrp -h "$groupname" {} \;
\ No newline at end of file
diff --git a/container_files/usr-local-bin/changeUid.sh b/container_files/usr-local-bin/changeUid.sh
new file mode 100755
index 00000000..a2bcb7c5
--- /dev/null
+++ b/container_files/usr-local-bin/changeUid.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+if [[ $EUID -ne 0 ]]; then
+ echo "This script must be run as root"
+ exit 1
+fi
+if [ "$#" -ne 2 ]; then
+ echo "You must enter exactly 2 command line arguments: username, and uid to change to"
+ exit 1
+fi
+username=$1
+newUid=$2
+oldUid="$(id -u "$username")"
+usermod -u "$newUid" "$username"
+find / -xdev -type d -user "$oldUid" -exec chown -h "$username" {} \;
diff --git a/container_files/usr-local-bin/libraryPrep.sh b/container_files/usr-local-bin/libraryPrep.sh
index 6361bf55..ca39bfbb 100644
--- a/container_files/usr-local-bin/libraryPrep.sh
+++ b/container_files/usr-local-bin/libraryPrep.sh
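Review bot: The final `find` in changeGid.sh is limited to `-type d`, so only directories are moved to the renumbered group and every regular file keeps the old numeric gid. groupmod does not re-own files itself, so those files end up belonging to an id that no longer maps to `$groupname` and would be inherited by whichever group is given that number later. changeUid.sh has the same `-type d` filter on its `chown` pass, and usermod only re-owns files inside the user's home directory. Dropping the filter and batching the calls covers it: `find / -xdev -group "$oldGid" -exec chgrp -h "$groupname" {} +`. `oldGid` should also be checked for being non-empty before it is used, because `getent` prints nothing for an unknown group.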
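Review bot: Nothing in changeUid.sh stops after a failed step: if `id -u "$username"` or `usermod -u "$newUid" "$username"` fails (unknown user, uid already taken, non-numeric argument), the `find` still runs and its status becomes the script's exit code. A Dockerfile step such as the generated `RUN /usr/local/bin/changeUid.sh tomcat $myId` can therefore succeed without the uid having changed. Adding `set -euo pipefail` under the shebang, or `|| exit 1` on the `id` and `usermod` lines, makes the build fail instead; changeGid.sh needs the same for `getent` and `groupmod`. The usage and error messages would be better sent to stderr with `>&2`.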
@@ -2,20 +2,22 @@ prep_quickstart() { - if [ -z "$GROUPER_RUN_HSQLDB" ]; then export GROUPER_RUN_HSQLDB=true; fi + + + if [ "$GROUPER_RUN_TOMCAT_NOT_SUPERVISOR" != "true" ]; then + if [ -z "$GROUPER_RUN_HSQLDB" ]; then export GROUPER_RUN_HSQLDB=true; fi + if [ -z "$GROUPER_SELF_SIGNED_CERT" ]; then export GROUPER_SELF_SIGNED_CERT=true; fi + if [ -z "$GROUPER_START_DELAY_SECONDS" ]; then export GROUPER_START_DELAY_SECONDS='10'; fi + if [ -z "$GROUPER_DATABASE_URL_FILE" ] && [ -z "$GROUPER_DATABASE_URL" ]; then export GROUPER_DATABASE_URL=jdbc:hsqldb:hsql://localhost:9001/grouper; fi + if [ -z "$GROUPER_DATABASE_USERNAME_FILE" ] && [ -z "$GROUPER_DATABASE_USERNAME" ]; then export GROUPER_DATABASE_USERNAME=sa; fi + fi if [ -z "$GROUPER_RUN_SHIB_SP" ]; then export GROUPER_RUN_SHIB_SP=false; fi - if [ -z "$GROUPER_SELF_SIGNED_CERT" ]; then export GROUPER_SELF_SIGNED_CERT=true; fi if [ -z "$GROUPER_AUTO_DDL_UPTOVERSION" ]; then export GROUPER_AUTO_DDL_UPTOVERSION='v2.5.*'; fi if [ -z "$GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES" ]; then export GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES='0.0.0.0/0'; fi # wait for database to start - if [ -z "$GROUPER_START_DELAY_SECONDS" ]; then export GROUPER_START_DELAY_SECONDS='10'; fi if [ -z "$GROUPER_UI_GROUPER_AUTH" ]; then export GROUPER_UI_GROUPER_AUTH='true'; fi if [ -z "$GROUPER_WS_GROUPER_AUTH" ]; then export GROUPER_WS_GROUPER_AUTH='true'; fi if [ -z "$GROUPER_SCIM_GROUPER_AUTH" ] ; then export GROUPER_SCIM_GROUPER_AUTH=true; fi - - if [ -z "$GROUPER_DATABASE_URL_FILE" ] && [ -z "$GROUPER_DATABASE_URL" ] ; then export GROUPER_DATABASE_URL=jdbc:hsqldb:hsql://localhost:9001/grouper; fi - if [ -z "$GROUPER_DATABASE_USERNAME_FILE" ] && [ -z "$GROUPER_DATABASE_USERNAME" ] ; then export GROUPER_DATABASE_USERNAME=sa; fi - if [ -z "$GROUPER_QUICKSTART" ]; then export GROUPER_QUICKSTART=true; fi } 
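Review bot: The `# wait for database to start` comment in `prep_quickstart` is left behind when the `GROUPER_START_DELAY_SECONDS` default it described moves into the new `GROUPER_RUN_TOMCAT_NOT_SUPERVISOR` block, so it now sits above the unrelated `GROUPER_UI_GROUPER_AUTH` default. Move it next to the relocated line and document the block itself, for example `# embedded hsqldb, self-signed cert and start delay are only defaulted when supervisor runs the processes`. The two blank lines added at the top of the function can be dropped.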
@@ -28,14 +30,14 @@ prep_daemon() { prep_scim() { if [ -z "$GROUPER_SCIM" ]; then export GROUPER_SCIM=true; fi - if [ -z "$GROUPER_RUN_APACHE" ]; then export GROUPER_RUN_APACHE=true; fi + if [ -z "$GROUPER_RUN_APACHE" ] && [ "$GROUPER_RUN_TOMCAT_NOT_SUPERVISOR" != "true" ]; then export GROUPER_RUN_APACHE=true; fi if [ -z "$GROUPER_RUN_TOMEE" ]; then export GROUPER_RUN_TOMEE=true; fi } prep_ui() { if [ -z "$GROUPER_UI" ]; then export GROUPER_UI=true; fi - if [ -z "$GROUPER_RUN_APACHE" ]; then export GROUPER_RUN_APACHE=true; fi - if [ -z "$GROUPER_RUN_SHIB_SP" ]; then export GROUPER_RUN_SHIB_SP=true; fi + if [ -z "$GROUPER_RUN_APACHE" ] && [ "$GROUPER_RUN_TOMCAT_NOT_SUPERVISOR" != "true" ]; then export GROUPER_RUN_APACHE=true; fi + if [ -z "$GROUPER_RUN_SHIB_SP" ] && [ "$GROUPER_RUN_TOMCAT_NOT_SUPERVISOR" != "true" ]; then export GROUPER_RUN_SHIB_SP=true; fi if [ -z "$GROUPER_RUN_TOMEE" ]; then export GROUPER_RUN_TOMEE=true; fi } @@ -80,7 +82,7 @@ prep_runScim() { prep_ws() { if [ -z "$GROUPER_WS" ]; then export GROUPER_WS=true; fi - if [ -z "$GROUPER_RUN_APACHE" ]; then export GROUPER_RUN_APACHE=true; fi + if [ -z "$GROUPER_RUN_APACHE" ] && [ "$GROUPER_RUN_TOMCAT_NOT_SUPERVISOR" != "true" ]; then export GROUPER_RUN_APACHE=true; fi if [ -z "$GROUPER_RUN_TOMEE" ]; then export GROUPER_RUN_TOMEE=true; fi } @@ -154,6 +156,8 @@ prep_finishBegin() { if [ -z "$GROUPER_GSH_CHECK_USER" ] ; then export GROUPER_GSH_CHECK_USER=true; fi if [ -z "$GROUPER_GSH_USER" ] ; then export GROUPER_GSH_USER=tomcat; fi + if [ -z "$GROUPER_RUN_TOMCAT_NOT_SUPERVISOR" ]; then export GROUPER_RUN_TOMCAT_NOT_SUPERVISOR=false; fi + } prep_finishEnd() { diff --git a/container_files/usr-local-bin/librarySetupFiles.sh b/container_files/usr-local-bin/librarySetupFiles.sh index 81844824..47ab23d7 100644 --- a/container_files/usr-local-bin/librarySetupFiles.sh +++ b/container_files/usr-local-bin/librarySetupFiles.sh 
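Review bot: With `GROUPER_RUN_TOMCAT_NOT_SUPERVISOR=true`, `prep_ui` no longer defaults `GROUPER_RUN_APACHE` or `GROUPER_RUN_SHIB_SP` to true, and the new non-root test asserts `GROUPER_UI_GROUPER_AUTH "false"` while publishing port 8080, so from what this diff shows nothing inside the container authenticates UI requests in that mode unless the operator configures it. If an external proxy is expected to do that, say so in a comment on these lines; otherwise turn the built-in authentication on by default, e.g. `if [ "$GROUPER_RUN_TOMCAT_NOT_SUPERVISOR" = "true" ] && [ -z "$GROUPER_UI_GROUPER_AUTH" ]; then export GROUPER_UI_GROUPER_AUTH=true; fi`. The same `[ "$GROUPER_RUN_TOMCAT_NOT_SUPERVISOR" != "true" ]` guard is repeated in `prep_scim`, `prep_ui` and `prep_ws` (the `@@ -80,7` hunk); a small helper function would keep the three in step.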
@@ -48,13 +48,13 @@ setupFiles_chownDirs() { setupFiles_storeEnvVars() { - echo "#!/bin/sh" > /usr/local/bin/grouperEnv.sh - echo "" >> /usr/local/bin/grouperEnv.sh + echo "#!/bin/sh" > /opt/grouper/grouperEnv.sh + echo "" >> /opt/grouper/grouperEnv.sh # go through env vars, should start with GROUPER and have an equals sign in there - env | grep "^GROUPER" | grep "=" >> /usr/local/bin/grouperEnv.sh + env | grep "^GROUPER" | grep "=" >> /opt/grouper/grouperEnv.sh - sed -i "s|^GROUPER|export GROUPER|g" /usr/local/bin/grouperEnv.sh + sed -i "s|^GROUPER|export GROUPER|g" /opt/grouper/grouperEnv.sh if [ ! -f /home/tomcat/.bashrc ] then @@ -64,26 +64,27 @@ setupFiles_storeEnvVars() { if ! grep -q grouperEnv /home/tomcat/.bashrc then echo "" >> /home/tomcat/.bashrc - echo ". /usr/local/bin/grouperEnv.sh" >> /home/tomcat/.bashrc + echo ". /opt/grouper/grouperEnv.sh" >> /home/tomcat/.bashrc echo "" >> /home/tomcat/.bashrc fi - - # we need these global - if [ ! -f /etc/bashrc ] - then - echo "Why doesnt /etc/bashrc exist????" - exit 1 - fi - if ! grep -q GROUPER_GSH_CHECK_USER /etc/bashrc - then - echo "" >> /etc/bashrc - echo "export GROUPER_GSH_CHECK_USER=$GROUPER_GSH_CHECK_USER" >> /etc/bashrc - echo "export GROUPER_GSH_USER=$GROUPER_GSH_USER" >> /etc/bashrc - echo "export JAVA_HOME=$JAVA_HOME" >> /etc/bashrc - echo "export PATH=$JAVA_HOME/bin:\$PATH" >> /etc/bashrc - echo "" >> /etc/bashrc - + # if we own this file (i.e. running as root) + if [[ -O "/etc/bashrc" ]]; then + # we need these global + if [ ! -f /etc/bashrc ] + then + echo "Why doesnt /etc/bashrc exist????" + exit 1 + fi + if ! grep -q GROUPER_GSH_CHECK_USER /etc/bashrc + then + echo "" >> /etc/bashrc + echo "export GROUPER_GSH_CHECK_USER=$GROUPER_GSH_CHECK_USER" >> /etc/bashrc + echo "export GROUPER_GSH_USER=$GROUPER_GSH_USER" >> /etc/bashrc + echo "export JAVA_HOME=$JAVA_HOME" >> /etc/bashrc + echo "export PATH=$JAVA_HOME/bin:\$PATH" >> /etc/bashrc + echo "" >> /etc/bashrc + fi fi } 
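Review bot: Wrapping the `/etc/bashrc` section of `setupFiles_storeEnvVars` in `[[ -O "/etc/bashrc" ]]` makes the inner `[ ! -f /etc/bashrc ]` check unreachable, because `-O` is already false for a missing file; a missing `/etc/bashrc` is now skipped silently instead of ending in the `exit 1`. Keep the existence check outside the new condition and test what the append actually needs, `if [ -w /etc/bashrc ]; then`, rather than inferring root from file ownership. When the branch is skipped, `GROUPER_GSH_CHECK_USER`, `GROUPER_GSH_USER`, `JAVA_HOME` and `PATH` are no longer exported globally, which deserves a comment. `grouperEnv.sh` now collects every `GROUPER*` variable under `/opt/grouper` with the default umask, so consider tightening its mode if any of those variables can carry credentials.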
diff --git a/container_files/usr-local-bin/librarySetupFilesApache.sh b/container_files/usr-local-bin/librarySetupFilesApache.sh index 2d689ad2..58bdef9c 100644 --- a/container_files/usr-local-bin/librarySetupFilesApache.sh +++ b/container_files/usr-local-bin/librarySetupFilesApache.sh @@ -1,14 +1,14 @@ #!/bin/bash setupFilesApache_selfSignedCert() { - if [ "$GROUPER_SELF_SIGNED_CERT" = "true" ] && [ "$GROUPER_USE_SSL" = "true" ] + if [ "$GROUPER_RUN_APACHE" = "true" ] && [ "$GROUPER_SELF_SIGNED_CERT" = "true" ] && [ "$GROUPER_USE_SSL" = "true" ] then cp /opt/tier-support/ssl-enabled.conf /etc/httpd/conf.d/ fi } setupFilesApache_ssl() { - if [ "$GROUPER_USE_SSL" != "true" ] + if [ "$GROUPER_RUN_APACHE" = "true" ] && [ "$GROUPER_USE_SSL" != "true" ] then if [ -f /etc/httpd/conf.d/ssl.conf ] then @@ -41,12 +41,12 @@ setupFilesApache_ports() { # filter the ssl config for ssl port - if [ -f /etc/httpd/conf.d/ssl-enabled.conf ] + if [ "$GROUPER_RUN_APACHE" = "true" ] && [ -f /etc/httpd/conf.d/ssl-enabled.conf ] then sed -i "s|__GROUPER_APACHE_SSL_PORT__|$GROUPER_APACHE_SSL_PORT|g" /etc/httpd/conf.d/ssl-enabled.conf fi - if [ "$GROUPER_APACHE_NONSSL_PORT" != "80" ] + if [ "$GROUPER_RUN_APACHE" = "true" ] && [ "$GROUPER_APACHE_NONSSL_PORT" != "80" ] then sed -i "s|Listen 80|Listen $GROUPER_APACHE_NONSSL_PORT|g" /etc/httpd/conf/httpd.conf fi diff --git a/container_files/usr-local-bin/librarySetupFilesForProcess.sh b/container_files/usr-local-bin/librarySetupFilesForProcess.sh index 9ab7e6fd..0d4b8073 100644 --- a/container_files/usr-local-bin/librarySetupFilesForProcess.sh +++ b/container_files/usr-local-bin/librarySetupFilesForProcess.sh 
@@ -21,9 +21,10 @@ setupFilesForProcess_hsqldbVersions() { setupFilesForProcess_supervisor() { - # clear out existing supervisord config - cat /opt/tier-support/supervisord-base.conf > /opt/tier-support/supervisord.conf - + if [ "$GROUPER_RUN_TOMCAT_NOT_SUPERVISOR" != "true" ]; then + # clear out existing supervisord config + cat /opt/tier-support/supervisord-base.conf > /opt/tier-support/supervisord.conf + fi } setupFilesForProcess() { 
@@ -38,34 +39,36 @@ setupFilesForProcess() { setupFilesForProcess_supervisorFinal() { - if [ "$GROUPER_RUN_PROCESSES_AS_USERS" = "true" ] - then - # let these lines live - sed -i "s|__GROUPER_RUN_PROCESSES_AS_USERS__||g" /opt/tier-support/supervisord.conf - else - # comment out these lines - sed -i "s|__GROUPER_RUN_PROCESSES_AS_USERS__|;|g" /opt/tier-support/supervisord.conf + if [ "$GROUPER_RUN_TOMCAT_NOT_SUPERVISOR" != "true" ]; then + if [ "$GROUPER_RUN_PROCESSES_AS_USERS" = "true" ] + then + # let these lines live + sed -i "s|__GROUPER_RUN_PROCESSES_AS_USERS__||g" /opt/tier-support/supervisord.conf + else + # comment out these lines + sed -i "s|__GROUPER_RUN_PROCESSES_AS_USERS__|;|g" /opt/tier-support/supervisord.conf + fi fi - } setupFilesForProcess_shib() { - if [ -f /etc/httpd/conf.d/shib.conf ] - then - mv /etc/httpd/conf.d/shib.conf /etc/httpd/conf.d/shib.conf.dontuse + if [ "$GROUPER_RUN_TOMCAT_NOT_SUPERVISOR" != "true" ]; then + if [ -f /etc/httpd/conf.d/shib.conf ] + then + mv /etc/httpd/conf.d/shib.conf /etc/httpd/conf.d/shib.conf.dontuse + fi + + if [ "$GROUPER_RUN_SHIB_SP" = "true" ] + then + setupPipe_shibdLog + export LD_LIBRARY_PATH=/opt/shibboleth/lib64:$LD_LIBRARY_PATH + cat /opt/tier-support/supervisord-shibsp.conf >> /opt/tier-support/supervisord.conf + cp /opt/tier-support/httpd-shib.conf /etc/httpd/conf.d/ + mv /etc/httpd/conf.d/shib.conf.dontuse /etc/httpd/conf.d/shib.conf + if [ -z "$GROUPERUI_LOGOUT_REDIRECTTOURL" ]; then export GROUPERUI_LOGOUT_REDIRECTTOURL=/Shibboleth.sso/Logout; fi + fi fi - - if [ "$GROUPER_RUN_SHIB_SP" = "true" ] - then - setupPipe_shibdLog - export LD_LIBRARY_PATH=/opt/shibboleth/lib64:$LD_LIBRARY_PATH - cat /opt/tier-support/supervisord-shibsp.conf >> /opt/tier-support/supervisord.conf - cp /opt/tier-support/httpd-shib.conf /etc/httpd/conf.d/ - mv /etc/httpd/conf.d/shib.conf.dontuse /etc/httpd/conf.d/shib.conf - if [ -z "$GROUPERUI_LOGOUT_REDIRECTTOURL" ]; then export 
GROUPERUI_LOGOUT_REDIRECTTOURL=/Shibboleth.sso/Logout; fi - fi - } diff --git a/container_files/usr-local-bin/librarySetupFilesTomcat.sh b/container_files/usr-local-bin/librarySetupFilesTomcat.sh index 192822c0..48f31989 100644 --- a/container_files/usr-local-bin/librarySetupFilesTomcat.sh +++ b/container_files/usr-local-bin/librarySetupFilesTomcat.sh @@ -31,7 +31,7 @@ setupFilesTomcat_context() { fi # setup the apache linkage to tomcat - if [ -f /etc/httpd/conf.d/grouper-www.conf ] + if [ -f /etc/httpd/conf.d/grouper-www.conf ] && [ "$GROUPER_RUN_TOMCAT_NOT_SUPERVISOR" != "true" ] then sed -i "s|__GROUPER_APACHE_AJP_TIMEOUT_SECONDS__|$GROUPER_APACHE_AJP_TIMEOUT_SECONDS|g" /etc/httpd/conf.d/grouper-www.conf sed -i "s|__GROUPER_TOMCAT_CONTEXT__|$GROUPER_TOMCAT_CONTEXT|g" /etc/httpd/conf.d/grouper-www.conf @@ -58,7 +58,7 @@ setupFilesTomcat_authn() { setupFilesTomcat_logging() { - if [ "$GROUPER_RUN_TOMEE" = "true" ] + if [ "$GROUPER_RUN_TOMEE" = "true" ] && [ "$GROUPER_LOG_TO_HOST" != "true" ] then setupPipe_tomcatLog fi @@ -67,7 +67,7 @@ setupFilesTomcat_logging() { setupFilesTomcat_supervisor() { - if [ "$GROUPER_RUN_TOMEE" = "true" ] + if [ "$GROUPER_RUN_TOMEE" = "true" ] && [ "$GROUPER_RUN_TOMCAT_NOT_SUPERVISOR" != "true" ] then cat /opt/tier-support/supervisord-tomee.conf >> /opt/tier-support/supervisord.conf fi
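Review bot: `setupFilesForProcess_shib` now skips its whole body when `GROUPER_RUN_TOMCAT_NOT_SUPERVISOR` is true, so an explicit `GROUPER_RUN_SHIB_SP=true` is ignored without any message and the container comes up without the Shibboleth SP the operator asked for. Report that combination before the new guard, e.g. `if [ "$GROUPER_RUN_TOMCAT_NOT_SUPERVISOR" = "true" ] && [ "$GROUPER_RUN_SHIB_SP" = "true" ]; then echo "GROUPER_RUN_SHIB_SP is ignored when GROUPER_RUN_TOMCAT_NOT_SUPERVISOR=true" >&2; fi`. Whether that case should abort startup rather than warn depends on how the non-supervisor mode is meant to be fronted, which this diff does not show.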
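Review bot: `GROUPER_LOG_TO_HOST` appears for the first time in the `setupFilesTomcat_logging` condition and, unlike `GROUPER_RUN_TOMCAT_NOT_SUPERVISOR`, gets no default in the `prep_finishBegin` hunk and no explanation anywhere in this diff. Add a comment above the condition such as `# GROUPER_LOG_TO_HOST=true: do not set up the tomcat log pipe (say where the logs go instead)`. Give it a default next to the other one as well, `if [ -z "$GROUPER_LOG_TO_HOST" ]; then export GROUPER_LOG_TO_HOST=false; fi`, so that it also shows up in the `grouperEnv.sh` snapshot built from `env | grep "^GROUPER"`.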