re-working entrypoint/start-up scripts; fixed a few other things alon…

…g the way.
docker · May 21, 2018 · bbbda9d · bbbda9d
1 parent 27040f3
commit bbbda9d
Showing 11 changed files with 91 additions and 39 deletions.
diff --git a/container_files/usr-local-bin/daemon b/container_files/usr-local-bin/daemon
@@ -1,5 +1,9 @@
 #!/bin/bash
 
+. /usr/local/bin/library.sh
+
+prepDaemon
+
 export GSH_JVMARGS="-DENV=$ENV -DUSERTOKEN=$USERTOKEN"
 
 exec bin/gsh -loader > /tmp/loggrouper
diff --git a/container_files/usr-local-bin/entrypoint.sh b/container_files/usr-local-bin/entrypoint.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 
 . /usr/local/bin/library.sh
-prepDaemon
+prepConf
 
 exec "$@"
diff --git a/container_files/usr-local-bin/gsh b/container_files/usr-local-bin/gsh
@@ -1,5 +1,9 @@
 #!/bin/bash
 
+. /usr/local/bin/library.sh
+
+prepDaemon
+
 export GSH_JVMARGS="-DENV=$ENV -DUSERTOKEN=$USERTOKEN"
 
 exec bin/gsh "$@" | tee /tmp/loggrouper
diff --git a/container_files/usr-local-bin/library.sh b/container_files/usr-local-bin/library.sh
@@ -7,26 +7,37 @@ setupPipe() {
     mkfifo -m 666 $1
 }
 
-# Make a "console" logging pipe that anyone can write too regardless of who owns the process.
-setupPipe /tmp/logpipe
-cat <> /tmp/logpipe &
+setupLoggingPipe() {
+    # Make a "console" logging pipe that anyone can write too regardless of who owns the process.
+    setupPipe /tmp/logpipe
+    cat <> /tmp/logpipe &
+}
 
 # Make loggers pipes for the supervisord connected apps' console, so that we can prepend the streams.
-setupPipe /tmp/loggrouper
-(cat <> /tmp/loggrouper | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "grouper;console;%s;%s;%s\n", ENV, UT, $0; fflush()}' &>/tmp/logpipe) &
-
-setupPipe /tmp/loghttpd
-(cat <> /tmp/loghttpd  | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "httpd;console;%s;%s;%s\n", ENV, UT, $0; fflush()}' &>/tmp/logpipe) &
+setupGrouperLogPipe() {
+    setupPipe /tmp/loggrouper
+    (cat <> /tmp/loggrouper | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "grouper;console;%s;%s;%s\n", ENV, UT, $0; fflush()}' &>/tmp/logpipe) &
+}
 
-setupPipe /tmp/logshibd
-(cat <> /tmp/logshibd | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "shibd;console;%s;%s;%s", ENV, UT, $0; fflush()}' &>/tmp/logpipe) &
+setupHttpdLogPipe() {
+    setupPipe /tmp/loghttpd
+    (cat <> /tmp/loghttpd  | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "httpd;console;%s;%s;%s\n", ENV, UT, $0; fflush()}' &>/tmp/logpipe) &
+}
 
-setupPipe /tmp/logtomcat
-(cat <> /tmp/logtomcat | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "tomcat;console;%s;%s;%s\n", ENV, UT, $0; fflush()}' &>/tmp/logpipe) &
+setupShibdLogPipe() {
+    setupPipe /tmp/logshibd
+    (cat <> /tmp/logshibd | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "shibd;console;%s;%s;%s", ENV, UT, $0; fflush()}' &>/tmp/logpipe) &
+}
 
-setupPipe /tmp/logsuperd
-(cat <> /tmp/logsuperd | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "supervisord;console;%s;%s;%s\n", ENV, UT, $0; fflush()}' &>/tmp/logpipe) &
+setupTomcatLogPipe() {
+    setupPipe /tmp/logtomcat
+    (cat <> /tmp/logtomcat | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "tomcat;console;%s;%s;%s\n", ENV, UT, $0; fflush()}' &>/tmp/logpipe) &
+}
 
+setupSupervisordLogPipe() {
+    setupPipe /tmp/logsuperd
+    (cat <> /tmp/logsuperd | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "supervisord;console;%s;%s;%s\n", ENV, UT, $0; fflush()}' &>/tmp/logpipe) &
+}
 
 linkGrouperSecrets() {
     for filepath in /run/secrets/*; do
@@ -46,6 +57,11 @@ linkGrouperSecrets() {
 }
 
 prepDaemon() {
+    setupLoggingPipe
+    setupGrouperLogPipe
+}
+
+prepDaemonConf() {
     local dest=/opt/grouper/grouper.apiBinary
     linkGrouperSecrets $dest/conf
 
@@ -58,6 +74,16 @@ prepDaemon() {
 }
 
 prepSCIM() {
+    setupLoggingPipe
+    setupGrouperLogPipe
+    setupHttpdLogPipe
+    setupTomcatLogPipe
+
+
+    cp /opt/tier-support/grouper-ws-scim.xml /opt/tomee/conf/Catalina/localhost/
+}
+
+prepSCIMConf() {
     local dest=/opt/grouper/grouper.scim/WEB-INF
     linkGrouperSecrets $dest/classes
 
@@ -66,12 +92,21 @@ prepSCIM() {
     fi
     if [ -d "/opt/grouper/lib" ]; then
         cp -r /opt/grouper/lib/* $dest/lib/
-    fi
-
-    cp /opt/tier-support/grouper-ws-scim.xml /opt/tomee/conf/Catalina/localhost/
+    fi    
 }
 
 prepUI() {
+    setupLoggingPipe
+    setupGrouperLogPipe
+    setupHttpdLogPipe
+    setupShibdLogPipe
+    setupTomcatLogPipe
+    setupSupervisordLogPipe
+
+    cp /opt/tier-support/grouper.xml /opt/tomcat/conf/Catalina/localhost/
+}
+
+prepUIConf() {
     local dest=/opt/grouper/grouper.ui/WEB-INF
     linkGrouperSecrets $dest/classes
 
@@ -81,11 +116,19 @@ prepUI() {
     if [ -d "/opt/grouper/lib" ]; then
         cp -r /opt/grouper/lib/* $dest/lib/
     fi
-
-    cp /opt/tier-support/grouper.xml /opt/tomcat/conf/Catalina/localhost/
 }
 
 prepWS() {
+    setupLoggingPipe
+    setupGrouperLogPipe
+    setupHttpdLogPipe
+    setupTomcatLogPipe
+    setupSupervisordLogPipe
+
+    cp /opt/tier-support/grouper-ws.xml /opt/tomcat/conf/Catalina/localhost/
+}
+
+prepWSConf() {
     local dest=/opt/grouper/grouper.ws/WEB-INF
     linkGrouperSecrets $dest/classes
 
@@ -95,6 +138,12 @@ prepWS() {
     if [ -d "/opt/grouper/lib" ]; then
         cp -r /opt/grouper/lib/* $dest/lib/
     fi
-
-    cp /opt/tier-support/grouper-ws.xml /opt/tomcat/conf/Catalina/localhost/
 }
+
+
+prepConf() {
+    prepDaemonConf
+    prepSCIMConf
+    prepUIConf
+    prepWSConf
+}
diff --git a/container_files/usr-local-bin/ui b/container_files/usr-local-bin/ui
@@ -1,5 +1,7 @@
 #!/bin/bash
 
+. /usr/local/bin/library.sh
+
 prepUI
 
 export LD_LIBRARY_PATH=/opt/shibboleth/lib64:$LD_LIBRARY_PATH

diff --git a/container_files/usr-local-bin/ui-ws b/container_files/usr-local-bin/ui-ws
@@ -1,5 +1,7 @@
 #!/bin/bash
 
+. /usr/local/bin/library.sh
+
 prepUI
 prepWS
 

diff --git a/container_files/usr-local-bin/ws b/container_files/usr-local-bin/ws
@@ -1,5 +1,7 @@
 #!/bin/bash
 
+. /usr/local/bin/library.sh
+
 prepWS
 
 exec /usr/bin/supervisord -c /opt/tier-support/supervisord-tomcat.conf
diff --git a/test-compose/README.md b/test-compose/README.md
@@ -53,7 +53,7 @@ Note that when accessing the Grouper UI, Grouper WS, or Shibboleth IdP, your bro
 - In this example, we use a variety of ways to pass in passwords (Grouper database, LDAP, Grouper Client, and RabbitMQ). The point is to demonstrate possibilities and not demonstrating what is required. (See the image readme for more details.)
 - Docker `configs` are not supported by Docker Compose (when run in a non-Swarm mode), so those are represented in the `docker-compose.yml` file as bind mount volumes.
 - The Grouper config files in the `data` image's `conf` directory are used to build the sample grouper database and ldap store. They are not used when the container is instantiated as there is no Grouper runtime in this container.
-- The containers will use Docker Secrets and bind mounts for non-sensitive files that are read from the `configs-ans-secrets` directory in the `test-compose` directory.
+- The containers will use Docker Secrets and bind mounts for non-sensitive files that are read from the `configs-and-secrets` directory in the `test-compose` directory.
 - With regard to RabbitMQ, the deployer must manually add a queue named `sampleQueue` to see Grouper messages in RabbitMQ. Messages will be dropped by RabbitMQ (and the Grouper Deamon will log errors) until this occurs.
 - In this example, we don't care about the IdP secrets. They are baked into the overlay instead of using Docker Secrets. (This is not best practice for an IdP configuration, but that isn't the focus of this example.)
 

diff --git a/test-compose/configs-and-secrets/grouper/grouper.client.properties b/test-compose/configs-and-secrets/grouper/grouper.client.properties
@@ -55,7 +55,7 @@ grouperClient.webService.login = banderson
 
 # password for shared secret authentication to web service
 # or you can put a filename with an encrypted password
-grouperClient.webService.password = ${java.lang.System.getenv().get('GROUPER_CLIENT_WEBSERVICE_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(java.lang.System.getenv().get('GROUPER_CLIENT_WEBSERVICE_PASSWORD_FILE'), "utf-8") : java.lang.System.getenv().get('GROUPER_CLIENT_WEBSERVICE_PASSWORD') }
+grouperClient.webService.password.elConfig = ${java.lang.System.getenv().get('GROUPER_CLIENT_WEBSERVICE_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(java.lang.System.getenv().get('GROUPER_CLIENT_WEBSERVICE_PASSWORD_FILE'), "utf-8") : java.lang.System.getenv().get('GROUPER_CLIENT_WEBSERVICE_PASSWORD') }
 
 
 ################################
@@ -100,7 +100,7 @@ grouper.messaging.system.rabbitmq.defaultSystemName = rabbitmqSystem
 grouper.messaging.system.rabbitmq.user = guest
 
 #pass
-grouper.messaging.system.rabbitmq.password = ${java.lang.System.getenv().get('RABBITMQ_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(java.lang.System.getenv().get('RABBITMQ_PASSWORD_FILE'), "utf-8") : java.lang.System.getenv().get('RABBITMQ_PASSWORD') }
+grouper.messaging.system.rabbitmq.password.elConfig = ${java.lang.System.getenv().get('RABBITMQ_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(java.lang.System.getenv().get('RABBITMQ_PASSWORD_FILE'), "utf-8") : java.lang.System.getenv().get('RABBITMQ_PASSWORD') }
 # set the following three properties if you want to use TLS connection to rabbitmq. All three need to be populated.
 # TLS Version
 #grouper.messaging.system.rabbitmqSystem.tlsVersion = TLSv1.1

diff --git a/test-compose/data/Dockerfile b/test-compose/data/Dockerfile
@@ -8,7 +8,8 @@ COPY container_files/conf/ /opt/grouper/grouper.apiBinary/conf/
 RUN yum install -y epel-release \
     && yum update -y \
     && yum install -y 389-ds-base 389-admin 389-adminutil mariadb-server mariadb \
-    && yum clean all
+    && yum clean all \
+    && rm -rf /var/cache/yum
 
 RUN mysql_install_db \
     && chown -R mysql:mysql /var/lib/mysql/ \

diff --git a/test-compose/docker-compose.yml b/test-compose/docker-compose.yml
@@ -3,7 +3,7 @@ version: "3.3"
 services:
   daemon:
     build: ./daemon/
-    command: bash -c "while ! curl -s data:3306 > /dev/null; do echo waiting for mysql to start; sleep 3; done; exec daemon"
+    command: bash -c "while ! curl -s data:3306 > /dev/null; do echo waiting for mysql to start; sleep 3; done; while ! curl -s ldap://data:389 > /dev/null; do echo waiting for ldap to start; sleep 3; done; exec daemon"
     depends_on:
      - data
     environment:
@@ -13,9 +13,6 @@ services:
      - RABBITMQ_PASSWORD_FILE=/run/secrets/rabbitmq_password.txt
      - SUBJECT_SOURCE_LDAP_PASSWORD=password
      - USERTOKEN=build-2
-    logging:
-      options:
-        tag: "grouper daemon"
     networks:
      - back
     secrets:
@@ -46,9 +43,6 @@ services:
      - GROUPER_DATABASE_PASSWORD_FILE=/run/secrets/database_password.txt
      - SUBJECT_SOURCE_LDAP_PASSWORD=password
      - USERTOKEN=build-2
-    logging:
-      options:
-         tag: "grouper ui"
     networks:
      - front
      - back
@@ -100,9 +94,6 @@ services:
      - GROUPER_DATABASE_PASSWORD_FILE=/run/secrets/database_password.txt
      - SUBJECT_SOURCE_LDAP_PASSWORD=password
      - USERTOKEN=build-2
-    logging:
-      options:
-        tag: "grouoer ws"
     networks:
      - front
      - back
@@ -178,9 +169,6 @@ services:
      - GROUPER_DATABASE_PASSWORD_FILE=/run/secrets/database_password.txt
      - SUBJECT_SOURCE_LDAP_PASSWORD=password
      - USERTOKEN=build-2
-    logging:
-      options:
-         tag: "grouper gsh"
     networks:
      - back
     secrets: