base repository: docker/grouper
base: 2.4.0-a2-u0-w0-p0
head repository: docker/grouper
compare: main
Showing with 49 additions and 22 deletions.
  1. +23 −12 Dockerfile
  2. +4 −5 Jenkinsfile
  3. +12 −3 README.md
  4. +4 −1 container_files/grouper.installer.properties
  5. +4 −0 container_files/httpd/grouper-www.conf
  6. +1 −0 container_files/morphString.properties
  7. +1 −1 test-compose/data/Dockerfile
35 changes: 23 additions & 12 deletions Dockerfile
@@ -3,9 +3,12 @@ FROM centos:centos7 as installing
RUN yum update -y \
&& yum install -y wget tar unzip dos2unix \
&& yum clean all

ARG GROUPER_CONTAINER_VERSION

ENV GROUPER_VERSION=2.4.0 \
JAVA_HOME=/usr/lib/jvm/zulu-8/
JAVA_HOME=/usr/lib/jvm/zulu-8/ \
GROUPER_CONTAINER_VERSION=$GROUPER_CONTAINER_VERSION

# use Zulu package
RUN rpm --import http://repos.azulsystems.com/RPM-GPG-KEY-azulsystems \
@@ -36,6 +39,9 @@ RUN echo 'Downloading Grouper Installer...' \
&& wget -q -O /opt/grouper/$GROUPER_VERSION/grouperInstaller.jar http://software.internet2.edu/grouper/release/$GROUPER_VERSION/grouperInstaller.jar

COPY container_files/grouper.installer.properties /opt/grouper/$GROUPER_VERSION
# Temporary morphString file used for building, not used in production
COPY container_files/morphString.properties /opt/grouper/$GROUPER_VERSION


RUN echo 'Installing Grouper'; \
PATH=$PATH:$JAVA_HOME/bin; \
@@ -47,7 +53,7 @@ RUN echo 'Installing Grouper'; \
FROM centos:centos7 as cleanup

ENV GROUPER_VERSION=2.4.0 \
TOMCAT_VERSION=8.5.12 \
TOMCAT_VERSION=8.5.42 \
TOMEE_VERSION=7.0.0

COPY --from=installing /opt/grouper/$GROUPER_VERSION/grouperInstaller.jar /opt/grouper/
@@ -60,20 +66,20 @@ COPY --from=installing /opt/grouper/$GROUPER_VERSION/apache-tomcat-$TOMCAT_VERSI
COPY --from=installing /opt/grouper/$GROUPER_VERSION/apache-tomee-webprofile-$TOMEE_VERSION/ /opt/tomee/
COPY --from=installing /etc/alternatives/java /etc/alternatives/java

ADD http://central.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.11.0/log4j-core-2.11.0.jar /opt/tomcat/bin
ADD http://central.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.11.0/log4j-api-2.11.0.jar /opt/tomcat/bin
ADD http://central.maven.org/maven2/org/apache/logging/log4j/log4j-jul/2.11.0/log4j-jul-2.11.0.jar /opt/tomcat/bin
ADD https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.11.0/log4j-core-2.11.0.jar /opt/tomcat/bin
ADD https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.11.0/log4j-api-2.11.0.jar /opt/tomcat/bin
ADD https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-jul/2.11.0/log4j-jul-2.11.0.jar /opt/tomcat/bin

ADD http://central.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.11.0/log4j-core-2.11.0.jar /opt/tomee/bin
ADD http://central.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.11.0/log4j-api-2.11.0.jar /opt/tomee/bin
ADD http://central.maven.org/maven2/org/apache/logging/log4j/log4j-jul/2.11.0/log4j-jul-2.11.0.jar /opt/tomee/bin
ADD https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.11.0/log4j-core-2.11.0.jar /opt/tomee/bin
ADD https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.11.0/log4j-api-2.11.0.jar /opt/tomee/bin
ADD https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-jul/2.11.0/log4j-jul-2.11.0.jar /opt/tomee/bin

RUN cd /opt/grouper/grouper.apiBinary/; \
rm -fr ddlScripts/ grouper.lck grouper.log grouper.script grouper.tmp/ gshAddGrouperSystemWsGroup.gsh logs/
rm -fr ddlScripts/ grouper.properties grouper.lck grouper.log grouper.script grouper.tmp/ gshAddGrouperSystemWsGroup.gsh logs/

RUN cd /opt/tomcat/; \
chmod +r bin/log4j-*.jar; \
rm -fr webapps/docs/ webapps/examples/ webapps/host-manager/ webapps/manager/ logs/* temp/* work/* conf/logging.properties
rm -fr webapps/docs/ webapps/examples/ webapps/host-manager/ webapps/manager/ webapps/ROOT/ logs/* temp/* work/* conf/logging.properties

RUN cd /opt/tomee/; \
chmod +r bin/log4j-*.jar; \
@@ -86,17 +92,20 @@ COPY container_files/tomcat/ /opt/tomcat/
COPY container_files/tomee/ /opt/tomee/


FROM tier/shibboleth_sp
FROM tier/shibboleth_sp:3.0.4_03122019

LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
Vendor="TIER" \
ImageType="Grouper" \
ImageName=$imagename \
ImageOS=centos7

ARG GROUPER_CONTAINER_VERSION

ENV JAVA_HOME=/usr/lib/jvm/zulu-8/ \
PATH=$PATH:$JAVA_HOME/bin \
GROUPER_HOME=/opt/grouper/grouper.apiBinary
GROUPER_HOME=/opt/grouper/grouper.apiBinary \
GROUPER_CONTAINER_VERSION=$GROUPER_CONTAINER_VERSION

RUN ln -sf /usr/share/zoneinfo/UTC /etc/localtime

@@ -138,6 +147,8 @@ WORKDIR /opt/grouper/grouper.apiBinary/

EXPOSE 80 443

HEALTHCHECK NONE

ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]

CMD ["bin/gsh", "-loader"]
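Review bot: The six `ADD https://repo1.maven.org/...` lines in the `cleanup` stage (hunk `@@ -60,20 +66,20 @@`) still download the log4j jars with no integrity check; moving to HTTPS protects the transport, but the build accepts whatever bytes the repository returns. Pin each artifact with a digest, for example `ADD --checksum=sha256:<sha256-of-log4j-core-2.11.0.jar> https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.11.0/log4j-core-2.11.0.jar /opt/tomcat/bin` (needs BuildKit), or fetch in a `RUN` step and verify with `sha256sum -c`. The pinned log4j-core 2.11.0 is also within the release range affected by the JNDI-lookup remote code execution flaws disclosed in December 2021, so the version should be raised when the digests are recorded. The stage begins and ends outside this hunk.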
9 changes: 4 additions & 5 deletions Jenkinsfile
@@ -21,12 +21,11 @@ pipeline {
echo "You must define an imagename in common.bash"
currentBuild.result = 'FAILURE'
}
sh 'mkdir -p bin'
sh 'mkdir -p tmp'
sh 'mkdir -p tmp && mkdir -p bin'
dir('tmp'){
git([ url: "https://github.internet2.edu/docker/util.git", credentialsId: "jenkins-github-access-token" ])
sh 'ls'
sh 'mv bin/* ../bin/.'
sh 'rm -rf ../bin/*'
sh 'mv ./bin/* ../bin/.'
}
// Build and test scripts expect that 'tag' is present in common.bash. This is necessary for both Jenkins and standalone testing.
// We don't care if there are more 'tag' assignments there. The latest one wins.
@@ -53,7 +52,7 @@ pipeline {
script {
try{
docker.withRegistry('https://registry.hub.docker.com/', "dockerhub-$maintainer") {
baseImg = docker.build("$maintainer/$imagename", "--no-cache .")
baseImg = docker.build("$maintainer/$imagename", "--build-arg GROUPER_CONTAINER_VERSION=$tag --no-cache .")
}
} catch(error) {
def error_details = readFile('./debug');
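Review bot: `$tag` is interpolated unquoted into the argument string passed to `docker.build` at `--build-arg GROUPER_CONTAINER_VERSION=$tag`, and the plugin appears to hand that string to a shell, so a tag value containing whitespace or shell metacharacters would be split or interpreted rather than passed as one value. The surrounding comment says `tag` is read from common.bash, whose contents are not visible here; quoting is cheap insurance: `baseImg = docker.build("$maintainer/$imagename", "--build-arg GROUPER_CONTAINER_VERSION='${tag}' --no-cache .")`. A short check that `tag` matches the documented tag format before the build stage would be stronger than quoting alone. The enclosing `script` block continues outside the hunk.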
15 changes: 12 additions & 3 deletions README.md
@@ -1,4 +1,10 @@
[![Build Status](https://jenkins.testbed.tier.internet2.edu/job/docker/job/grouper/job/master/badge/icon)](https://jenkins.testbed.tier.internet2.edu/job/docker/job/grouper/job/master/)
[![Build Status](https://jenkins.testbed.tier.internet2.edu/buildStatus/icon?job=docker/grouper/master)](https://jenkins.testbed.tier.internet2.edu/buildStatus/icon?job=docker/grouper/master)



This repository contains the source code used to create the InCommon Trusted Access Platform Grouper container. This standalone container is pushed to Dockerhub, various tags are available at the following URL: https://hub.docker.com/r/tier/grouper/tags. This repo can also be cloned and the container built locally.

The test-compose directory contains an example Grouper environment that starts up the various Grouper components. This example demonstrates how one might go about customizing and deploying their Grouper containers, using the TIER Grouper image as a base image. If evaluating Grouper, this is a good place to start.


# Upgrading from 2.3 to 2.4
@@ -10,17 +16,20 @@ In particular, in subject.properties, *.param.base.value should be adjusted to o

Additional upgrade information can be found at the following URL: https://spaces.at.internet2.edu/display/Grouper/v2.4+Upgrade+Instructions+from+v2.3



# Supported tags

- latest
- patch specific tags* (i.e. 2.3.0-a97-u41-w11-p16)
- patch specific tags with date timestamp* (i.e. 2.4.0-80-u51-w10-p11-20191118)

\* Patch builds are routinely produced, but not necessarily for each patch release. The following monikers are used to construct the tag name:

- a = api patch number
- u = ui patch number
- w = ws patch number
- p = pspng patch number
- last field = the year, month and day the image was built

# Quick reference

@@ -167,7 +176,7 @@ For passing full files into the container, this container will make any secrets
Docker Secrets can also be used to pass in strings, such as a database connection string password, into the component config. To pass in the Grouper database connection string, one might set the property and value as such:

```text
hibernate.connection.password.elConfig = ${java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD_FILE'), "utf-8") : java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD') }
hibernate.connection.password.elConfig = ${java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(new("java.io.File", java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD_FILE')), "utf-8") : java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD') }
```

Note that the default property name has been changed by appending `.elConfig`. (This causes Grouper to evaluate the string before saving the value.) The expression allows deployers to use a file containing only the database password as a Docker Secret and reference the file name via the `GROUPER_DATABASE_PASSWORD_FILE` environment property. This allows the config files to be baked into the image, if desired. Also, but not recommended, the database password could just be set in the Docker Service definition as an environment variable, `GROUPER_DATABASE_PASSWORD`. (Technically the expression can be broken up and just the desired functionality used.) Of course, using Grouper's MorphString functionality is supported and likely is the best option, but does require more effort in setting it up.
5 changes: 4 additions & 1 deletion container_files/grouper.installer.properties
@@ -14,9 +14,12 @@ grouperInstaller.default.installOrUpgrade = install
##
##############################

grouperInstaller.autorun.forceInstallPatch = t
grouperInstaller.autorun.installAllPatches = false
grouperInstaller.autorun.installPatchesUpToACertainPatchLevel = true
grouperInstaller.autorun.installPatchesUpToThesePatchLevels = grouper_v2_4_0_api_patch_2,grouper_v2_4_0_ui_patch_0,grouper_v2_4_0_ws_patch_0,grouper_v2_4_0_pspng_patch_0
# 2.4.0-a93-u56-w11-p12-20200214-rc1
grouperInstaller.autorun.installPatchesUpToThesePatchLevels = grouper_v2_4_0_api_patch_93,grouper_v2_4_0_ui_patch_56,grouper_v2_4_0_ws_patch_11,grouper_v2_4_0_pspng_patch_12


#### set this to true to try to use defaults for everything. Only things without default values will need to be set
grouperInstaller.autorun.useDefaultsAsMuchAsAvailable = true
4 changes: 4 additions & 0 deletions container_files/httpd/grouper-www.conf
@@ -7,6 +7,10 @@ ProxyPass /grouper ajp://localhost:8009/grouper timeout=2400
ProxyPass /grouper-ws ajp://localhost:8009/grouper-ws timeout=2400
ProxyPass /grouper-ws-scim ajp://localhost:8009/grouper-ws-scim timeout=2400

RewriteEngine on
RewriteCond %{REQUEST_URI} "^/$"
RewriteRule . %{REQUEST_SCHEME}://%{HTTP_HOST}/grouper/ [R=301,L]

<Location /grouper>
AuthType shibboleth
ShibRequestSetting requireSession 1
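Review bot: The new `RewriteRule . %{REQUEST_SCHEME}://%{HTTP_HOST}/grouper/ [R=301,L]` builds the redirect target from `%{HTTP_HOST}`, which is the Host header sent by the client, so the permanent redirect for `/` points wherever the request claimed to be addressed; with a cache or proxy in front this can store a redirect to a foreign host, and behind TLS termination `%{REQUEST_SCHEME}` yields `http`. Prefer a fixed target such as `RewriteRule ^/$ https://<canonical-hostname>/grouper/ [R=301,L]`, or make sure the virtual host only answers for its configured names. Whether `ServerName`/`UseCanonicalName` elsewhere already constrains this is not visible in the hunk, and the `<Location /grouper>` block continues past it.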
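--- a/container_files/morphString.properties
+++ b/container_files/morphString.properties
@@ -0,0 +1 @@
+encrypt.key=fh43IRJ4Nf5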
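Review bot: The new `encrypt.key` line commits a literal morphString key to the repository with nothing in the file saying it is a build-only value; the only hint is the `# Temporary morphString file used for building, not used in production` comment in the Dockerfile. Add a header comment to the file itself, e.g. `# BUILD-ONLY placeholder key: never encrypt real credentials with this value`, so that anyone who finds the file on its own does not reuse it. It is also worth confirming that nothing copied by the later `COPY --from=installing` lines carries this file, or values encrypted with it, into the published image; that cannot be determined from the visible hunks.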
2 changes: 1 addition & 1 deletion test-compose/data/Dockerfile
@@ -11,7 +11,7 @@ RUN yum install -y epel-release \
&& yum clean all \
&& rm -rf /var/cache/yum

RUN mysql_install_db \
RUN mysql_install_db --force \
&& chown -R mysql:mysql /var/lib/mysql/ \
&& sed -i 's/^\(bind-address\s.*\)/# \1/' /etc/my.cnf \
&& sed -i 's/^\(log_error\s.*\)/# \1/' /etc/my.cnf \