diff --git a/container_files/usr-local-bin/daemon b/container_files/usr-local-bin/daemon index 60ebd468..27f3da63 100755 --- a/container_files/usr-local-bin/daemon +++ b/container_files/usr-local-bin/daemon @@ -1,5 +1,9 @@ #!/bin/bash +. /usr/local/bin/library.sh + +prepDaemon + export GSH_JVMARGS="-DENV=$ENV -DUSERTOKEN=$USERTOKEN" exec bin/gsh -loader > /tmp/loggrouper diff --git a/container_files/usr-local-bin/entrypoint.sh b/container_files/usr-local-bin/entrypoint.sh index bf4bfd69..83e985d6 100755 --- a/container_files/usr-local-bin/entrypoint.sh +++ b/container_files/usr-local-bin/entrypoint.sh @@ -1,6 +1,6 @@ #!/bin/sh . /usr/local/bin/library.sh -prepDaemon +prepConf exec "$@" \ No newline at end of file diff --git a/container_files/usr-local-bin/gsh b/container_files/usr-local-bin/gsh index 589a1838..0539b40a 100755 --- a/container_files/usr-local-bin/gsh +++ b/container_files/usr-local-bin/gsh @@ -1,5 +1,9 @@ #!/bin/bash +. /usr/local/bin/library.sh + +prepDaemon + export GSH_JVMARGS="-DENV=$ENV -DUSERTOKEN=$USERTOKEN" exec bin/gsh "$@" | tee /tmp/loggrouper diff --git a/container_files/usr-local-bin/library.sh b/container_files/usr-local-bin/library.sh index 15cf545c..5d3790af 100755 --- a/container_files/usr-local-bin/library.sh +++ b/container_files/usr-local-bin/library.sh 
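Review bot: The added `. /usr/local/bin/library.sh` and `prepDaemon` lines run unchecked and the wrapper has no `set -e`, so a missing library file or a failed pipe setup falls straight through to `exec bin/gsh -loader > /tmp/loggrouper`; if the fifo was never created that redirect silently creates an ordinary file with no reader, and the daemon's console output never reaches the logging pipeline. At minimum the source should be `. /usr/local/bin/library.sh || exit 1`. Note that `prepDaemon` cannot simply be checked with `|| exit 1`, because its last statement in `library.sh` is a backgrounded pipeline and its status is therefore always 0; the `mkfifo` result would have to be checked inside `setupPipe`. The same unchecked `. /usr/local/bin/library.sh` is added in the `gsh`, `ui`, `ui-ws` and `ws` wrappers of this commit.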
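Review bot: `entrypoint.sh` keeps `#!/bin/sh` while the library it sources is written for bash: the `setup*LogPipe` functions in `library.sh` use the bash-only `&>/tmp/logpipe` redirection, which a POSIX `sh` parses as `&` followed by a bare `>/tmp/logpipe`, backgrounding the pipeline with awk's output still on stdout and then running an empty command whose only effect is the redirection. The new `prepConf` only reaches the `*Conf` functions, so this is latent today, but any later call into a pipe function from this entrypoint would lose its output without an error. Either switch the shebang to `#!/bin/bash`, which every other wrapper in this commit already uses, or write the redirections portably as `>/tmp/logpipe 2>&1` in the library.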
@@ -7,26 +7,37 @@ setupPipe() { mkfifo -m 666 $1 } -# Make a "console" logging pipe that anyone can write too regardless of who owns the process. -setupPipe /tmp/logpipe -cat <> /tmp/logpipe & +setupLoggingPipe() { + # Make a "console" logging pipe that anyone can write too regardless of who owns the process. + setupPipe /tmp/logpipe + cat <> /tmp/logpipe & +} # Make loggers pipes for the supervisord connected apps' console, so that we can prepend the streams. -setupPipe /tmp/loggrouper -(cat <> /tmp/loggrouper | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "grouper;console;%s;%s;%s\n", ENV, UT, $0; fflush()}' &>/tmp/logpipe) & - -setupPipe /tmp/loghttpd -(cat <> /tmp/loghttpd | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "httpd;console;%s;%s;%s\n", ENV, UT, $0; fflush()}' &>/tmp/logpipe) & +setupGrouperLogPipe() { + setupPipe /tmp/loggrouper + (cat <> /tmp/loggrouper | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "grouper;console;%s;%s;%s\n", ENV, UT, $0; fflush()}' &>/tmp/logpipe) & +} -setupPipe /tmp/logshibd -(cat <> /tmp/logshibd | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "shibd;console;%s;%s;%s", ENV, UT, $0; fflush()}' &>/tmp/logpipe) & +setupHttpdLogPipe() { + setupPipe /tmp/loghttpd + (cat <> /tmp/loghttpd | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "httpd;console;%s;%s;%s\n", ENV, UT, $0; fflush()}' &>/tmp/logpipe) & +} -setupPipe /tmp/logtomcat -(cat <> /tmp/logtomcat | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "tomcat;console;%s;%s;%s\n", ENV, UT, $0; fflush()}' &>/tmp/logpipe) & +setupShibdLogPipe() { + setupPipe /tmp/logshibd + (cat <> /tmp/logshibd | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "shibd;console;%s;%s;%s", ENV, UT, $0; fflush()}' &>/tmp/logpipe) & +} -setupPipe /tmp/logsuperd -(cat <> /tmp/logsuperd | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "supervisord;console;%s;%s;%s\n", ENV, UT, $0; fflush()}' &>/tmp/logpipe) & +setupTomcatLogPipe() { + setupPipe /tmp/logtomcat + (cat <> /tmp/logtomcat | awk -v ENV="$ENV" -v 
UT="$USERTOKEN" '{printf "tomcat;console;%s;%s;%s\n", ENV, UT, $0; fflush()}' &>/tmp/logpipe) & +} +setupSupervisordLogPipe() { + setupPipe /tmp/logsuperd + (cat <> /tmp/logsuperd | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "supervisord;console;%s;%s;%s\n", ENV, UT, $0; fflush()}' &>/tmp/logpipe) & +} linkGrouperSecrets() { for filepath in /run/secrets/*; do @@ -46,6 +57,11 @@ linkGrouperSecrets() { } prepDaemon() { + setupLoggingPipe + setupGrouperLogPipe +} + +prepDaemonConf() { local dest=/opt/grouper/grouper.apiBinary linkGrouperSecrets $dest/conf @@ -58,6 +74,16 @@ prepDaemon() { } prepSCIM() { + setupLoggingPipe + setupGrouperLogPipe + setupHttpdLogPipe + setupTomcatLogPipe + + + cp /opt/tier-support/grouper-ws-scim.xml /opt/tomee/conf/Catalina/localhost/ +} + +prepSCIMConf() { local dest=/opt/grouper/grouper.scim/WEB-INF linkGrouperSecrets $dest/classes @@ -66,12 +92,21 @@ prepSCIM() { fi if [ -d "/opt/grouper/lib" ]; then cp -r /opt/grouper/lib/* $dest/lib/ - fi - - cp /opt/tier-support/grouper-ws-scim.xml /opt/tomee/conf/Catalina/localhost/ + fi } prepUI() { + setupLoggingPipe + setupGrouperLogPipe + setupHttpdLogPipe + setupShibdLogPipe + setupTomcatLogPipe + setupSupervisordLogPipe + + cp /opt/tier-support/grouper.xml /opt/tomcat/conf/Catalina/localhost/ +} + +prepUIConf() { local dest=/opt/grouper/grouper.ui/WEB-INF linkGrouperSecrets $dest/classes @@ -81,11 +116,19 @@ prepUI() { if [ -d "/opt/grouper/lib" ]; then cp -r /opt/grouper/lib/* $dest/lib/ fi - - cp /opt/tier-support/grouper.xml /opt/tomcat/conf/Catalina/localhost/ } prepWS() { + setupLoggingPipe + setupGrouperLogPipe + setupHttpdLogPipe + setupTomcatLogPipe + setupSupervisordLogPipe + + cp /opt/tier-support/grouper-ws.xml /opt/tomcat/conf/Catalina/localhost/ +} + +prepWSConf() { local dest=/opt/grouper/grouper.ws/WEB-INF linkGrouperSecrets $dest/classes 
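Review bot: The new `setup*LogPipe` functions are not safe to call twice, and this commit does call them twice on one path: the `ui-ws` wrapper runs `prepUI` and then `prepWS`, and both call `setupLoggingPipe`, `setupGrouperLogPipe`, `setupHttpdLogPipe`, `setupTomcatLogPipe` and `setupSupervisordLogPipe`. On the second call `mkfifo -m 666` fails because the fifo already exists, while the function still starts a second `cat <> … | awk` reader on the same fifo, so each line goes to whichever reader wins the read and a line can be split between them. A one-line guard at the top of each function, e.g. `[ -p /tmp/loghttpd ] && return 0` in `setupHttpdLogPipe`, makes them idempotent. Separately, `setupShibdLogPipe` is the only one whose awk format lacks a trailing newline (`"shibd;console;%s;%s;%s"`), so consecutive shibd lines are run together in the console pipe; it should end in `\n` like the other four.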
@@ -95,6 +138,12 @@ prepWS() { if [ -d "/opt/grouper/lib" ]; then cp -r /opt/grouper/lib/* $dest/lib/ fi - - cp /opt/tier-support/grouper-ws.xml /opt/tomcat/conf/Catalina/localhost/ } + + +prepConf() { + prepDaemonConf + prepSCIMConf + prepUIConf + prepWSConf +} \ No newline at end of file diff --git a/container_files/usr-local-bin/ui b/container_files/usr-local-bin/ui index c8895168..a03ed585 100755 --- a/container_files/usr-local-bin/ui +++ b/container_files/usr-local-bin/ui @@ -1,5 +1,7 @@ #!/bin/bash +. /usr/local/bin/library.sh + prepUI export LD_LIBRARY_PATH=/opt/shibboleth/lib64:$LD_LIBRARY_PATH diff --git a/container_files/usr-local-bin/ui-ws b/container_files/usr-local-bin/ui-ws index 8defab26..de1384c4 100755 --- a/container_files/usr-local-bin/ui-ws +++ b/container_files/usr-local-bin/ui-ws @@ -1,5 +1,7 @@ #!/bin/bash +. /usr/local/bin/library.sh + prepUI prepWS diff --git a/container_files/usr-local-bin/ws b/container_files/usr-local-bin/ws index 51632529..0e10b688 100755 --- a/container_files/usr-local-bin/ws +++ b/container_files/usr-local-bin/ws @@ -1,5 +1,7 @@ #!/bin/bash +. /usr/local/bin/library.sh + prepWS exec /usr/bin/supervisord -c /opt/tier-support/supervisord-tomcat.conf diff --git a/test-compose/README.md b/test-compose/README.md index 2dc53e0e..6bf62c51 100644 --- a/test-compose/README.md +++ b/test-compose/README.md 
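Review bot: `prepConf` runs `prepDaemonConf`, `prepSCIMConf`, `prepUIConf` and `prepWSConf` unconditionally, and the shared `entrypoint.sh` now calls it for every image; each `*Conf` function then does `linkGrouperSecrets $dest/classes` and `cp -r /opt/grouper/lib/* $dest/lib/` against its own component directory (`/opt/grouper/grouper.scim/WEB-INF`, `/opt/grouper/grouper.ui/WEB-INF`, `/opt/grouper/grouper.ws/WEB-INF`). If the images are not all-in-one, the absent directories presumably produce `cp`/link errors on every start, and since the library never sets `-e` those errors become noise that hides real failures. Gate each call on its directory, e.g. `[ -d /opt/grouper/grouper.scim/WEB-INF ] && prepSCIMConf`, or have each `*Conf` function return early when `$dest` does not exist.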
@@ -53,7 +53,7 @@ Note that when accessing the Grouper UI, Grouper WS, or Shibboleth IdP, your bro - In this example, we use a variety of ways to pass in passwords (Grouper database, LDAP, Grouper Client, and RabbitMQ). The point is to demonstrate possibilities and not demonstrating what is required. (See the image readme for more details.) - Docker `configs` are not supported by Docker Compose (when run in a non-Swarm mode), so those are represented in the `docker-compose.yml` file as bind mount volumes. - The Grouper config files in the `data` image's `conf` directory are used to build the sample grouper database and ldap store. They are not used when the container is instantiated as there is no Grouper runtime in this container. -- The containers will use Docker Secrets and bind mounts for non-sensitive files that are read from the `configs-ans-secrets` directory in the `test-compose` directory. +- The containers will use Docker Secrets and bind mounts for non-sensitive files that are read from the `configs-and-secrets` directory in the `test-compose` directory. - With regard to RabbitMQ, the deployer must manually add a queue named `sampleQueue` to see Grouper messages in RabbitMQ. Messages will be dropped by RabbitMQ (and the Grouper Deamon will log errors) until this occurs. - In this example, we don't care about the IdP secrets. They are baked into the overlay instead of using Docker Secrets. (This is not best practice for an IdP configuration, but that isn't the focus of this example.) diff --git a/test-compose/configs-and-secrets/grouper/grouper.client.properties b/test-compose/configs-and-secrets/grouper/grouper.client.properties index 5169c718..dcc50ae7 100644 --- a/test-compose/configs-and-secrets/grouper/grouper.client.properties +++ b/test-compose/configs-and-secrets/grouper/grouper.client.properties 
@@ -55,7 +55,7 @@ grouperClient.webService.login = banderson # password for shared secret authentication to web service # or you can put a filename with an encrypted password -grouperClient.webService.password = ${java.lang.System.getenv().get('GROUPER_CLIENT_WEBSERVICE_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(java.lang.System.getenv().get('GROUPER_CLIENT_WEBSERVICE_PASSWORD_FILE'), "utf-8") : java.lang.System.getenv().get('GROUPER_CLIENT_WEBSERVICE_PASSWORD') } +grouperClient.webService.password.elConfig = ${java.lang.System.getenv().get('GROUPER_CLIENT_WEBSERVICE_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(java.lang.System.getenv().get('GROUPER_CLIENT_WEBSERVICE_PASSWORD_FILE'), "utf-8") : java.lang.System.getenv().get('GROUPER_CLIENT_WEBSERVICE_PASSWORD') } ################################ @@ -100,7 +100,7 @@ grouper.messaging.system.rabbitmq.defaultSystemName = rabbitmqSystem grouper.messaging.system.rabbitmq.user = guest #pass -grouper.messaging.system.rabbitmq.password = ${java.lang.System.getenv().get('RABBITMQ_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(java.lang.System.getenv().get('RABBITMQ_PASSWORD_FILE'), "utf-8") : java.lang.System.getenv().get('RABBITMQ_PASSWORD') } +grouper.messaging.system.rabbitmq.password.elConfig = ${java.lang.System.getenv().get('RABBITMQ_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(java.lang.System.getenv().get('RABBITMQ_PASSWORD_FILE'), "utf-8") : java.lang.System.getenv().get('RABBITMQ_PASSWORD') } # set the following three properties if you want to use TLS connection to rabbitmq. All three need to be populated. # TLS Version #grouper.messaging.system.rabbitmqSystem.tlsVersion = TLSv1.1 diff --git a/test-compose/data/Dockerfile b/test-compose/data/Dockerfile index 85b4e261..cbb3ca2d 100644 --- a/test-compose/data/Dockerfile +++ b/test-compose/data/Dockerfile 
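Review bot: The renamed `grouperClient.webService.password.elConfig` expression, and the `grouper.messaging.system.rabbitmq.password.elConfig` one in the second hunk, read the secret with `org.apache.commons.io.FileUtils.readFileToString(..., "utf-8")`, which returns the file contents verbatim; if the mounted secret file ends with a newline, as files written by an editor or `echo` commonly do, the password is used with that trailing newline and authentication fails in a way that is hard to diagnose. Consider applying `.trim()` to the `readFileToString(...)` result in both expressions. The plain environment-variable fallback (`GROUPER_CLIENT_WEBSERVICE_PASSWORD`, `RABBITMQ_PASSWORD`) exposes the secret to anything that can read the process environment, so the `_FILE` form that the compose file already uses for `RABBITMQ_PASSWORD_FILE` should remain the primary path.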
@@ -8,7 +8,8 @@ COPY container_files/conf/ /opt/grouper/grouper.apiBinary/conf/ RUN yum install -y epel-release \ && yum update -y \ && yum install -y 389-ds-base 389-admin 389-adminutil mariadb-server mariadb \ - && yum clean all + && yum clean all \ + && rm -rf /var/cache/yum RUN mysql_install_db \ && chown -R mysql:mysql /var/lib/mysql/ \ diff --git a/test-compose/docker-compose.yml b/test-compose/docker-compose.yml index b4547273..79c4bf26 100644 --- a/test-compose/docker-compose.yml +++ b/test-compose/docker-compose.yml @@ -3,7 +3,7 @@ version: "3.3" services: daemon: build: ./daemon/ - command: bash -c "while ! curl -s data:3306 > /dev/null; do echo waiting for mysql to start; sleep 3; done; exec daemon" + command: bash -c "while ! curl -s data:3306 > /dev/null; do echo waiting for mysql to start; sleep 3; done; while ! curl -s ldap://data:389 > /dev/null; do echo waiting for ldap to start; sleep 3; done; exec daemon" depends_on: - data environment: @@ -13,9 +13,6 @@ services: - RABBITMQ_PASSWORD_FILE=/run/secrets/rabbitmq_password.txt - SUBJECT_SOURCE_LDAP_PASSWORD=password - USERTOKEN=build-2 - logging: - options: - tag: "grouper daemon" networks: - back secrets: @@ -46,9 +43,6 @@ services: - GROUPER_DATABASE_PASSWORD_FILE=/run/secrets/database_password.txt - SUBJECT_SOURCE_LDAP_PASSWORD=password - USERTOKEN=build-2 - logging: - options: - tag: "grouper ui" networks: - front - back @@ -100,9 +94,6 @@ services: - GROUPER_DATABASE_PASSWORD_FILE=/run/secrets/database_password.txt - SUBJECT_SOURCE_LDAP_PASSWORD=password - USERTOKEN=build-2 - logging: - options: - tag: "grouoer ws" networks: - front - back @@ -178,9 +169,6 @@ services: - GROUPER_DATABASE_PASSWORD_FILE=/run/secrets/database_password.txt - SUBJECT_SOURCE_LDAP_PASSWORD=password - USERTOKEN=build-2 - logging: - options: - tag: "grouper gsh" networks: - back secrets:
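Review bot: The new readiness probe `while ! curl -s ldap://data:389 > /dev/null` depends on the `curl` in the daemon image being built with LDAP protocol support and on the directory answering an anonymous root search with success; if either assumption fails, `curl` exits non-zero on every attempt and the container prints `waiting for ldap to start` forever, indistinguishable from a genuinely slow LDAP server. Since the point is only to wait for the listener, a protocol-agnostic TCP check like the one used for MySQL on the same line is more robust, and the loop should have an attempt limit so that a misconfigured probe fails the container instead of spinning. The other hunks in this file only drop `logging` tag blocks and need no review.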