diff --git a/Dockerfile b/Dockerfile index 6fdf32bd..6d868784 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,99 +1,57 @@ FROM centos:centos7 as installing - RUN yum update -y \ && yum install -y wget tar unzip dos2unix \ && yum clean all +RUN yum install -y wget tar unzip dos2unix + ARG GROUPER_CONTAINER_VERSION - -ENV GROUPER_VERSION=2.4.0 \ - JAVA_HOME=/usr/lib/jvm/zulu-8/ \ +ENV GROUPER_VERSION=2.5.12 \ GROUPER_CONTAINER_VERSION=$GROUPER_CONTAINER_VERSION -# use Zulu package -RUN rpm --import http://repos.azulsystems.com/RPM-GPG-KEY-azulsystems \ - && curl -o /etc/yum.repos.d/zulu.repo http://repos.azulsystems.com/rhel/zulu.repo \ - && yum -y install zulu-8 - -#RUN java_version=8.0.172; \ -# zulu_version=8.30.0.1; \ -# echo 'Downloading the OpenJDK Zulu...' \ -# && wget -q http://cdn.azul.com/zulu/bin/zulu$zulu_version-jdk$java_version-linux_x64.tar.gz \ -# && echo "0a101a592a177c1c7bc63738d7bc2930 zulu$zulu_version-jdk$java_version-linux_x64.tar.gz" | md5sum -c - \ -# && tar -zxvf zulu$zulu_version-jdk$java_version-linux_x64.tar.gz -C /opt \ -# && ln -s /opt/zulu$zulu_version-jdk$java_version-linux_x64 $JAVA_HOME - -#RUN java_version=8u151; \ -# java_bnumber=12; \ -# java_semver=1.8.0_151; \ -# java_hash=123b1d755416aa7579abc03f01ab946e612e141b6f7564130f2ada00ed913f1d; \ -# echo 'Downloading the Oracle Java...' 
\ -# && wget --no-check-certificate --no-cookies --header "Cookie: oraclelicense=accept-securebackup-cookie" \ -# http://download.oracle.com/otn-pub/java/jdk/$java_version-b$java_bnumber/e758a0de34e24606bca991d704f6dcbf/server-jre-$java_version-linux-x64.tar.gz \ -# && echo "$java_hash server-jre-$java_version-linux-x64.tar.gz" | sha256sum -c - \ -# && tar -zxvf server-jre-$java_version-linux-x64.tar.gz -C /opt \ -# && ln -s /opt/jdk$java_semver/ $JAVA_HOME +# Install Corretto Java JDK +#Corretto download page: https://docs.aws.amazon.com/corretto/latest/corretto-8-ug/downloads-list.html +ARG CORRETTO_URL_PERM=https://corretto.aws/downloads/latest/amazon-corretto-8-x64-linux-jdk.rpm +ARG CORRETTO_RPM=amazon-corretto-8-x64-linux-jdk.rpm +COPY container_files/java-corretto/corretto-signing-key.pub . +RUN curl -O -L $CORRETTO_URL_PERM \ + && rpm --import corretto-signing-key.pub \ + && rpm -K $CORRETTO_RPM \ + && rpm -i $CORRETTO_RPM \ + && rm -r corretto-signing-key.pub $CORRETTO_RPM +ENV JAVA_HOME=/usr/lib/jvm/java-1.8.0-amazon-corretto RUN echo 'Downloading Grouper Installer...' 
\ && mkdir -p /opt/grouper/$GROUPER_VERSION \ - && wget -q -O /opt/grouper/$GROUPER_VERSION/grouperInstaller.jar http://software.internet2.edu/grouper/release/$GROUPER_VERSION/grouperInstaller.jar - + && wget -q -O /opt/grouper/$GROUPER_VERSION/grouperInstaller.jar https://oss.sonatype.org/service/local/repositories/releases/content/edu/internet2/middleware/grouper/grouper-installer/$GROUPER_VERSION/grouper-installer-$GROUPER_VERSION.jar COPY container_files/grouper.installer.properties /opt/grouper/$GROUPER_VERSION # Temporary morphString file used for building, not used in production COPY container_files/morphString.properties /opt/grouper/$GROUPER_VERSION - - RUN echo 'Installing Grouper'; \ PATH=$PATH:$JAVA_HOME/bin; \ cd /opt/grouper/$GROUPER_VERSION/ \ && $JAVA_HOME/bin/java -cp :grouperInstaller.jar edu.internet2.middleware.grouperInstaller.GrouperInstaller - - - FROM centos:centos7 as cleanup - -ENV GROUPER_VERSION=2.4.0 \ - TOMCAT_VERSION=8.5.42 \ +ENV GROUPER_VERSION=2.5.12 \ TOMEE_VERSION=7.0.0 - +RUN mkdir -p /opt/grouper/grouperWebapp/ +RUN mkdir -p /opt/tomee/ COPY --from=installing /opt/grouper/$GROUPER_VERSION/grouperInstaller.jar /opt/grouper/ -COPY --from=installing /opt/grouper/$GROUPER_VERSION/grouper.apiBinary-$GROUPER_VERSION/ /opt/grouper/grouper.apiBinary/ -COPY --from=installing /opt/grouper/$GROUPER_VERSION/grouper.ui-$GROUPER_VERSION/dist/grouper/ /opt/grouper/grouper.ui/ -COPY --from=installing /opt/grouper/$GROUPER_VERSION/grouper.ws-$GROUPER_VERSION/grouper-ws/build/dist/grouper-ws/ /opt/grouper/grouper.ws/ -COPY --from=installing /opt/grouper/$GROUPER_VERSION/grouper.ws-$GROUPER_VERSION/grouper-ws-scim/targetBuiltin/grouper-ws-scim/ /opt/grouper/grouper.scim/ -#COPY --from=installing /opt/grouper/$GROUPER_VERSION/grouper.clientBinary-$GROUPER_VERSION/ /opt/grouper/grouper.clientBinary/ -COPY --from=installing /opt/grouper/$GROUPER_VERSION/apache-tomcat-$TOMCAT_VERSION/ /opt/tomcat/ -COPY --from=installing 
/opt/grouper/$GROUPER_VERSION/apache-tomee-webprofile-$TOMEE_VERSION/ /opt/tomee/ +COPY --from=installing /opt/grouper/$GROUPER_VERSION/container/tomee/ /opt/tomee/ +COPY --from=installing /opt/grouper/$GROUPER_VERSION/container/webapp/ /opt/grouper/grouperWebapp/ +RUN ls /opt/grouper/grouperWebapp/ COPY --from=installing /etc/alternatives/java /etc/alternatives/java - -ADD https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.11.0/log4j-core-2.11.0.jar /opt/tomcat/bin -ADD https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.11.0/log4j-api-2.11.0.jar /opt/tomcat/bin -ADD https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-jul/2.11.0/log4j-jul-2.11.0.jar /opt/tomcat/bin - -ADD https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.11.0/log4j-core-2.11.0.jar /opt/tomee/bin -ADD https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.11.0/log4j-api-2.11.0.jar /opt/tomee/bin -ADD https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-jul/2.11.0/log4j-jul-2.11.0.jar /opt/tomee/bin - -RUN cd /opt/grouper/grouper.apiBinary/; \ - rm -fr ddlScripts/ grouper.properties grouper.lck grouper.log grouper.script grouper.tmp/ gshAddGrouperSystemWsGroup.gsh logs/ - -RUN cd /opt/tomcat/; \ - chmod +r bin/log4j-*.jar; \ - rm -fr webapps/docs/ webapps/examples/ webapps/host-manager/ webapps/manager/ webapps/ROOT/ logs/* temp/* work/* conf/logging.properties - +RUN ls /opt/grouper/ +RUN ls /opt/grouper/grouperWebapp/WEB-INF +#ADD https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.11.0/log4j-core-2.11.0.jar /opt/tomee/bin +#ADD https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.11.0/log4j-api-2.11.0.jar /opt/tomee/bin +#ADD https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-jul/2.11.0/log4j-jul-2.11.0.jar /opt/tomee/bin RUN cd /opt/tomee/; \ - chmod +r bin/log4j-*.jar; \ rm -fr webapps/docs/ webapps/host-manager/ webapps/manager/ logs/* temp/* work/* 
conf/logging.properties - -COPY container_files/api/* /opt/grouper/grouper.apiBinary/conf/ -COPY container_files/ui/ /opt/grouper/grouper.ui/WEB-INF/ -COPY container_files/ws/ /opt/grouper/grouper.ws/WEB-INF/ -COPY container_files/tomcat/ /opt/tomcat/ +COPY container_files/api/* /opt/grouper/grouperWebapp/WEB-INF/classes/ +COPY container_files/ui/ /opt/grouper/grouperWebapp/WEB-INF/classes/ COPY container_files/tomee/ /opt/tomee/ - - FROM tier/shibboleth_sp:3.0.4_03122019 - LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \ Vendor="TIER" \ ImageType="Grouper" \ 
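Review bot: `rpm -K $CORRETTO_RPM` in the new Corretto install step does not by itself prove the RPM is signed by the key just imported: rpm's checksig exits 0 for an unsigned package whose digests are intact, so the gate only enforces a signature when one happens to be present. Making the expectation explicit, for example `rpm -Kv "$CORRETTO_RPM" | grep -q 'Signature, key ID .*: OK'` (exact wording varies between rpm versions, so confirm against the CentOS 7 rpm), turns a silently unsigned download into a build failure. Because `CORRETTO_URL_PERM` points at a `/latest/` artifact, the JDK baked into the image also changes from build to build; pinning the RPM version (or at least recording `rpm -qp` output) would make the image reproducible. In the same spirit, `grouperInstaller.jar` is fetched with `wget -q` and then executed in the next `RUN` with no checksum, where a `sha256sum -c` step like the removed Oracle block had would close that gap. The `RUN ls /opt/grouper/grouperWebapp/` line (and the two further `RUN ls` lines below it) read as leftover debugging and can be dropped.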
@@ -101,54 +59,33 @@ LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \ ImageOS=centos7 ARG GROUPER_CONTAINER_VERSION - -ENV JAVA_HOME=/usr/lib/jvm/zulu-8/ \ +ENV JAVA_HOME=/usr/lib/jvm/java-1.8.0-amazon-corretto \ PATH=$PATH:$JAVA_HOME/bin \ - GROUPER_HOME=/opt/grouper/grouper.apiBinary \ + GROUPER_HOME=/opt/grouper/grouperWebapp/WEB-INF \ GROUPER_CONTAINER_VERSION=$GROUPER_CONTAINER_VERSION - RUN ln -sf /usr/share/zoneinfo/UTC /etc/localtime - RUN yum update -y \ - && yum install -y cron logrotate python-pip \ + && yum install -y cron logrotate python-pip rsync \ && pip install --upgrade pip \ && pip install supervisor \ && yum clean -y all - COPY --from=installing $JAVA_HOME $JAVA_HOME -COPY --from=cleanup /opt/tomcat/ /opt/tomcat/ COPY --from=cleanup /opt/tomee/ /opt/tomee/ COPY --from=cleanup /opt/grouper/ /opt/grouper/ - RUN groupadd -r tomcat \ && useradd -r -m -s /sbin/nologin -g tomcat tomcat \ - && mkdir -p /opt/tomcat/logs/ /opt/tomcat/temp/ /opt/tomcat/work/ \ - && chown -R tomcat:tomcat /opt/tomcat/logs/ /opt/tomcat/temp/ /opt/tomcat/work/ \ - && chown -R tomcat:tomcat /opt/tomee/logs/ /opt/tomee/temp/ /opt/tomee/work/ \ - && ln -s $JAVA_HOME/bin/java /etc/alternatives/java - -# does shib sp3 not generate these files? 
-# RUN rm /etc/shibboleth/sp-key.pem /etc/shibboleth/sp-cert.pem + && chown -R tomcat:tomcat /opt/tomee \ + && ln -s $JAVA_HOME/bin/java /etc/alternatives/java \ + && mkdir -p /opt/tomee/conf/Catalina/localhost/ COPY container_files/tier-support/ /opt/tier-support/ COPY container_files/usr-local-bin/ /usr/local/bin/ COPY container_files/httpd/* /etc/httpd/conf.d/ COPY container_files/shibboleth/* /etc/shibboleth/ +RUN cp /dev/null /etc/httpd/conf.d/ssl.conf -RUN cp /dev/null /etc/httpd/conf.d/ssl.conf \ - && sed -i 's/LogFormat "/LogFormat "httpd;access_log;%{ENV}e;%{USERTOKEN}e;/g' /etc/httpd/conf/httpd.conf \ - && echo -e "\nErrorLogFormat \"httpd;error_log;%{ENV}e;%{USERTOKEN}e;[%{u}t] [%-m:%l] [pid %P:tid %T] %7F: %E: [client\ %a] %M% ,\ referer\ %{Referer}i\"" >> /etc/httpd/conf/httpd.conf \ - && sed -i 's/CustomLog "logs\/access_log"/CustomLog "\/tmp\/logpipe"/g' /etc/httpd/conf/httpd.conf \ - && sed -i 's/ErrorLog "logs\/error_log"/ErrorLog "\/tmp\/logpipe"/g' /etc/httpd/conf/httpd.conf \ - && echo -e "\nPassEnv ENV" >> /etc/httpd/conf/httpd.conf \ - && echo -e "\nPassEnv USERTOKEN" >> /etc/httpd/conf/httpd.conf - -WORKDIR /opt/grouper/grouper.apiBinary/ - +WORKDIR /opt/grouper/grouperWebapp/WEB-INF/ EXPOSE 80 443 - HEALTHCHECK NONE - ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] - -CMD ["bin/gsh", "-loader"] +CMD ["bin/gsh.sh", "-loader"] diff --git a/Jenkinsfile b/Jenkinsfile index 3ed439e5..98b3afb7 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
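Review bot: In the rewritten `RUN groupadd -r tomcat ...` chain, `mkdir -p /opt/tomee/conf/Catalina/localhost/` runs after `chown -R tomcat:tomcat /opt/tomee`, so whatever that `mkdir` creates stays root-owned while the rest of the tree was just handed to tomcat; if TomEE writes context descriptors there as the tomcat user at runtime, that write will fail. Conversely, broadening the chown from `logs/ temp/ work/` to all of `/opt/tomee` makes `bin/`, `lib/` and `conf/` writable by the service account, which is more than the server needs unless something at runtime genuinely writes there. Suggest creating the directory first and narrowing the grant: `&& mkdir -p /opt/tomee/conf/Catalina/localhost/ \` followed by `&& chown -R tomcat:tomcat /opt/tomee/logs/ /opt/tomee/temp/ /opt/tomee/work/ /opt/tomee/conf/Catalina/ \` (adding `webapps/` only if deployment writes there). Whether the process actually drops to tomcat is decided in `/usr/local/bin/entrypoint.sh`, which is outside this diff, so the ownership choice should be checked against that script.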
@@ -51,12 +51,13 @@ pipeline { steps { script { try{ - docker.withRegistry('https://registry.hub.docker.com/', "dockerhub-$maintainer") { + // statically defining jenkins credential value dockerhub-tier + docker.withRegistry('https://registry.hub.docker.com/', "dockerhub-tier") { baseImg = docker.build("$maintainer/$imagename", "--build-arg GROUPER_CONTAINER_VERSION=$tag --no-cache .") } } catch(error) { def error_details = readFile('./debug'); - def message = "BUILD ERROR: There was a problem building ${imagename}:${tag}. \n\n ${error_details}" + def message = "BUILD ERROR: There was a problem building ${maintainer}/${imagename}:${tag}. \n\n ${error_details}" sh "rm -f ./debug" handleError(message) } @@ -70,7 +71,7 @@ pipeline { sh 'bin/test.sh 2>&1 | tee debug ; test ${PIPESTATUS[0]} -eq 0' } catch (error) { def error_details = readFile('./debug') - def message = "BUILD ERROR: There was a problem testing ${imagename}:${tag}. \n\n ${error_details}" + def message = "BUILD ERROR: There was a problem testing ${maintainer}/${imagename}:${tag}. \n\n ${error_details}" sh "rm -f ./debug" handleError(message) } 
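Review bot: The credential id `"dockerhub-tier"` is now a bare literal in two places, the Build stage here and the Push stage in the following hunk, each with a copy of the same "statically defining" comment, so the two can drift apart on the next edit. Defining it once next to where `maintainer` is read, e.g. `def registryCredential = 'dockerhub-tier'`, and calling `docker.withRegistry('https://registry.hub.docker.com/', registryCredential)` in both stages keeps a single source of truth. The comment would also be more useful if it said why the credential is decoupled from `$maintainer`, e.g. `// push to $maintainer/$imagename is done with the shared TIER Docker Hub credential rather than a per-maintainer one`, since `maintainer` changes to `i2incommon` in common.bash in this same commit and a reader will otherwise assume a mismatch.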
@@ -81,21 +82,8 @@ pipeline { stage('Push') { steps { script { - //// scan the image with clair - // sh 'docker run -p 5432:5432 -d --name clairdb arminc/clair-db:latest' - // sh 'docker run -p 6060:6060 --link clairdb:postgres -d --name clair arminc/clair-local-scan:v2.0.5' - // sh 'curl -L -o clair-scanner https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64' - // sh 'chmod 755 clair-scanner' - // sh "./clair-scanner --ip 172.17.0.1 -r test.out $maintainer/$imagename:latest" - //// test the environment - // sh 'docker kill clairdb' - // sh 'docker rm clairdb' - // sh 'docker kill clair' - // sh 'docker rm clair' - // sh 'cd test-compose && ./compose.sh' - //// bring down after testing - //sh 'cd test-compose && docker-compose down' - docker.withRegistry('https://registry.hub.docker.com/', "dockerhub-$maintainer") { + // statically defining jenkins credential value dockerhub-tier + docker.withRegistry('https://registry.hub.docker.com/', "dockerhub-tier") { baseImg.push("$tag") } } diff --git a/README.md b/README.md index 691033e4..0707ce81 100644 --- a/README.md +++ b/README.md 
@@ -1,365 +1,8 @@ -[](https://jenkins.testbed.tier.internet2.edu/buildStatus/icon?job=docker/grouper/master) +# Not ready for production or testing yet +[](https://jenkins.testbed.tier.internet2.edu/buildStatus/icon?job=docker/grouper/2.5.11-beta) -This repository contains the source code used to create the InCommon Trusted Access Platform Grouper container. This standalone container is pushed to Dockerhub, various tags are available at the following URL: https://hub.docker.com/r/tier/grouper/tags. This repo can also be cloned and the container built locally. - -The test-compose directory contains an example Grouper environment that starts up the various Grouper components. This example demonstrates how one might go about customizing and deploying their Grouper containers, using the TIER Grouper image as a base image. If evaluating Grouper, this is a good place to start. - - -# Upgrading from 2.3 to 2.4 - -If upgrading from Grouper version 2.3 to 2.4 and using LDAP, modifications will be needed in subject.properties and grouper-loaders.proprties. Further details about this can be found at the following URL: -https://spaces.at.internet2.edu/display/Grouper/vt-ldap+to+ldaptive+migration+for+LDAP+access - -In particular, in subject.properties, *.param.base.value should be adjusted to only contain the RDN (Relative Distinguished Name), not the full DN. For example, "OU=People", not "OU=People,DC=domain,DC=edu" - -Additional upgrade information can be found at the following URL: https://spaces.at.internet2.edu/display/Grouper/v2.4+Upgrade+Instructions+from+v2.3 - - - -# Supported tags - -- latest -- patch specific tags with date timestamp* (i.e. 2.4.0-80-u51-w10-p11-20191118) - -\* Patch builds are routinely produced, but not necessarily for each patch release. 
The following monikers are used to construct the tag name: - -- a = api patch number -- u = ui patch number -- w = ws patch number -- p = pspng patch number -- last field = the year, month and day the image was built - -# Quick reference - -- **Where to get help**: - [tier-packaging@internet2.edu](mailto:tier-packaging@internet2.edu?subject=Grouper%20Image%20Help) - -- **Where to file issues**: - [https://github.internet2.edu/docker/grouper/issues](https://github.internet2.edu/docker/grouper/issues) - -- **Maintained by**: - [TIER Packaging Working Group](https://spaces.internet2.edu/display/TPWG) - -- **Supported Docker versions**: - [the latest release](https://github.com/docker/docker-ce/releases/latest) (down to 1.6 on a best-effort basis) - -# What is Grouper? - -Grouper is an enterprise access management system designed for the highly distributed management environment and heterogeneous information technology environment common to universities. Operating a central access management system that supports both central and distributed IT reduces risk. - -> [www.internet2.edu/products-services/trust-identity/grouper/](https://www.internet2.edu/products-services/trust-identity/grouper/) - - - -# How to use this image - -This image provides support for each of the Grouper components/roles: Grouper Daemon/Loader, Grouper UI, Grouper Web Services, and Grouper SCIM Server. - -## Starting each role - -While TIER recommends/supports using Docker Swarm for orchestrating the Grouper environment, these containers can be run directly (or with other orchestration products). Both examples are shown below. It should be noted that these examples will not run independently, but required additional configuration to be provided before each container will start as expected. - -### Daemon/Loader - -Run the Grouper Daemon/Loader as a service. If the daemon/loader container dies unexpectedly, it may be due to memory contraints. 
Refer to the "Grouper Shell/Loader" section below for information on how to tweak memory settings. - -```console -$ docker service create --detach --name grouper-daemon tier/grouper:latest daemon -``` - -Run the Grouper Daemon/Loader as a standalone container. - -```console -$ docker run --detach --name grouper-daemon tier/grouper:latest daemon -``` - -### SCIM Server - -Runs the Grouper SCIM Server as a service. - -```console -$ docker service create --detach --publish 9443:443 --name grouper-ws tier/grouper:latest scim -``` - -Runs the Grouper Web Services in a standalone container. - -```console -$ docker run --detach --publish 9443:443 --name grouper-daemon tier/grouper:latest scim -``` - -### UI - -Runs the Grouper UI as a service. - -```console -$ docker service create --detach --publish 443:443 --name grouper-ui tier/grouper:latest ui -``` - -Runs the Grouper UI in a standalone container. - -```console -$ docker run --detach --name --publish 443:443 grouper-ui tier/grouper:latest ui -``` - -### Web Services - -Runs the Grouper Web Services as a service. - -```console -$ docker service create --detach --publish 8443:443 --name grouper-ws tier/grouper:latest ws -``` - -Runs the Grouper Web Services in a standalone container. - -```console -$ docker run --detach --publish 8443:443 --name grouper-daemon tier/grouper:latest ws -``` - -### UI and Web Services - -> This method is good when first starting to work with Grouper, but when scaling Grouper UI or Web Services it is advisable to use the individual roles noted above. - -Runs the Grouper UI and Web Services as a combined service. (You should really run these as individual roles to take advantage of Docker service replicas.) - -```console -$ docker service create --detach --publish 443:443 --name grouper-web tier/grouper:latest ui-ws -``` - -Runs the Grouper UI and Web Services in a combined container. 
This good when first starting to work with Grouper, but when scaling Grouper UI or Web Services it is advisable to use the individual roles noted above. - -```console -$ docker run --detach --publish 443:443 --name grouper-web tier/grouper:latest ui-ws -``` - -### GSH - -Runs the Grouper Shell in a throwaway container. This makes it easy to run Grouper commands and Grouper Shell scripts. Since it is interactive it does not run as a service. - -```console -$ docker run -it --rm tier/grouper:latest bin/gsh <optional GSH args> -``` - -# Configuration - -## Grouper Configurations - -There are several things that are required for this image to successfully start. At a minimum, the `grouper.hibernate.properties` and `subject.properties` (or the old `sources.xml` equivalent) files need to be customized and available to the container at start-up. - -Grouper config files maybe placed into `/opt/grouper/conf` and these files will be put into the appropriate location based on the role the container assumes. Docker Secrets starting with the name `grouper_` should take precedence over these files. (See below.) - -## Web Apps Configuration - -If starting the container to serve the Grouper UI, Grouper Web Services, Grouper SCIM Server components, a TLS key and cert(s) need to be applied to those containers. - -The Grouper UI also requires some basic Shibboleth SP configuration. The `/etc/shibboleth/shibboleth2.xml` file should be modified to set: -- an entityId for the SP -- load IdP or federation metadata -- set the SP's encryption keys -- the identity attribute of the subject to be passed to Grouper - -If encryption keys are defined in the `shibboleth2.xml` file, then the key/cert files should be provided as well. The `attribute-map.xml` file has most of the common identity attributes pre-configured, but it (and other Shibboleth SP files) can be overlaid/replaced as necessary. - -(See the section below.) 
- -## General Configuration Mechanism - -There are three primary ways to provide Grouper and additional configuration files to the container: Docker Config/Secrets, customized images, and bind mounts. Depending upon your needs you may use a combination of two or three of these options. - -### Secrets/Configs - -Docker Config and Docker Secrets are Docker's way of providing configurations files to a container at runtime. The primary difference between the Config and Secrets functionality is that Secrets is designed to protect resources/files that are sensitive. - -For passing full files into the container, this container will make any secrets with secret names prepended with `grouper_` available to the appropriate Grouper component's conf directory (i.e. `<GROUPER_HOME>/conf` or `WEB-INF/classes`). Any secrets with secret names starting with `shib_` will be available in the Shibboleth SP `/etc/shibboleth/` directory. Any secrets with secret names starting with `httpd_` will be available to `/etc/httpd/conf.d` directory. Finally, if a secret with the name of `host-key.pem` will be mapped to the httpd TLS cert used by Grouper UI, Grouper WS, and Grouper SCIM Server containers. These files will supercede any found in the underlying image. - -Docker Secrets can also be used to pass in strings, such as a database connection string password, into the component config. To pass in the Grouper database connection string, one might set the property and value as such: - -```text -hibernate.connection.password.elConfig = ${java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(new("java.io.File", java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD_FILE')), "utf-8") : java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD') } -``` - -Note that the default property name has been changed by appending `.elConfig`. (This causes Grouper to evaluate the string before saving the value.) 
The expression allows deployers to use a file containing only the database password as a Docker Secret and reference the file name via the `GROUPER_DATABASE_PASSWORD_FILE` environment property. This allows the config files to be baked into the image, if desired. Also, but not recommended, the database password could just be set in the Docker Service definition as an environment variable, `GROUPER_DATABASE_PASSWORD`. (Technically the expression can be broken up and just the desired functionality used.) Of course, using Grouper's MorphString functionality is supported and likely is the best option, but does require more effort in setting it up. - -Secrets can be managed using the `docker secret` command: `docker secret create grouper_grouper.hibernate.properties ./grouper.hibernate.properties`. This will securely store the file in the swarm. Secrets can then be assigned to the service `docker service create -d --name daemon --secret grouper_grouper.hibernate.properties --secret grouper_sources.xml tier/grouper daemon`. - -> `docker run` does not support secrets; Bind mounts need to be used instead, which is technically what Docker Compose does when not running against a Swarm. - -### Bind Mounts - -Bind mounts can be used to connect files/folders on the Docker host into the container's file system. Unless running in swarm mode, Docker Secrets are not supported, so we can use a bind mount to provide the container with the configuration files. - -```console -$ docker run --detach --name daemon \ - --mount type=bind,src=$(pwd)/grouper.hibernate.properties,dst=/run/secrets/grouper_grouper.hibernate.properties \ - --mount type=bind,src=$(pwd)/sources.xml,dst=/run/secrets/grouper_sources.xml \ - tier/grouper daemon -``` - -### Customized Images - -Deployers will undoubtedly want to add in their files to the container. Things like additional jar files defining Grouper Hooks, or things like images and css files. This can be accomplished by building custom images. 
**Deployers should NOT use this method to store sensitive configuration files.** - -To add a favicon to the Grouper UI, we use the tier/grouper images as a base and `COPY` our local `favicon.ico` into the image. While we are at it, we define this image as a UI image by specifying the default commnd (i.e `CMD`) of `ui`. - -```Dockerfile -FROM tier/grouper:latest - -COPY favicon.ico /opt/grouper/grouper.ui/ - -CMD ui -``` - -To build our image: - -```console -$ docker build --tag=org/grouper-ui . -``` - -This image can now be used locally or pushed to an organization's Docker repository. - - -## Environment Variables - -Deployers can set runtime variables to both the Grouper Shell and Loader/Daemon and to Tomcat/Tomcat EE using environment variables. These can be set using the `docker run` and `docker service creates`'s `--env` paramater. - -### Grouper Shell/Loader - -The following environment variables are used by the Grouper Shell/Loader: -- MEM_START: corresponds to the java's `-Xms`. (default is 64m) -- MEM_MAX: corresponds to java's `-Xmx`. (default is 750m) - -### Tomcat/TomEE - -Amongst others variables defined in the `catalina.sh`, the following variables would like be useful for deployers: -- CATALINA_OPTS: Java runtime options to only be used by Tomcat itself. - -# File System Endpoints - -Here is a list of significant directories and files that deployers should be aware of: - -- `/opt/grouper/conf/`: a common directory to place non-sensitive config files that will be placed into the appropriate location for each Grouper component at container start-up. -- `/opt/grouper/lib/`: a common directory to place additional jar files that will be placed into the appropriate location for each Grouper component at container start-up. -- `/opt/grouper/grouper.apiBinary/`: location to overlay Grouper GSH or Daemon/Loader files. -`/opt/grouper/grouper.scim/`: location for overlaying Grouper SCIM Server web application files (expanded `grouper-ws-scim.war`). 
-- `/opt/grouper/grouper.ui/`: location for overlaying Grouper UI web application files (expanded `grouper.war`). -- `/opt/grouper/grouper.ws/`: location for overlaying Grouper Web Services web application files (expanded `grouper-ws.war`). -- `/etc/httpd/conf.d/ssl-enabled.conf`: Can be overlaid to change the TLS settings when running Grouper UI or Web Servicse. -- `/etc/shibboleth/`: location to overlay the Shibboleth SP configuration files used by the image. -- `/opt/tomcat/`: used to run Grouper UI and Grouper WS -- `/opt/tomee/`: used to run the Grouper SCIM Server. -- `/var/run/secrets`: location where Docker Secrets are mounted into the container. Secrets starting with `grouper_`, `shib_`, and `httpd_` have special meaning. See `Secrets/Configs` above. -- `/usr/lib/jvm/zulu-8/jre/lib/security/cacerts`: location of the Java trust store. - -To examine baseline image files, one might run `docker run --name=temp -it tier/grouper bash` and browse through these file system endpoints. While the container is running one may copy files out of the image/container using something like `docker cp containerId:/opt/grouper/grouper.api/conf/grouper.properties .`, which will copy the `grouper.properties` to the Docker client's present working directory. These files can then be edited and applied via the mechanisms outlined above. - -# Web Application Endpoints - -Here is a list of significant web endpoints that deployers should be aware of: - -- `/grouper/`: location of the Grouper UI application -- `grouper-ws/`: location of the Grouper WS application. -- `/grouper-ws-scim/`: location of the Grouper SCIM Server application. - -The endpoint that is available is dependent upon the role of the container. - -# Provisioning a Grouper Database - -Using standard methods, create a MariaDb Server and an empty Grouper database. Create a database user with privileges to create and populate schema objects. 
Set the appropriate database connection properties in `grouper.hibernate.properties`. Be sure to the user created with schema manipulation privileges as the db user. - -Next populate the database by using the following command. - -```console -$ docker run -it --rm \ - --mount type=bind,src=$(pwd)/grouper.hibernate.properties,dst=/run/secrets/grouper_grouper.hibernate.properties \ - tier/grouper gsh -registry -check -runscript -noprompt -``` - -Note: a less privileged database user maybe used when running the typical Grouper roles. This user needs SELECT, INSERT, UPDATE, and DELETE privileges on the schema objects. - -# Provisioning a Grouper Database - -Using standard methods, create a MariaDb Server and an empty Grouper database. Create a database user with privileges to create and populate schema objects. Set the appropriate database connection properties in `grouper.hibernate.properties`. Be sure that the user is created with schema manipulation privileges. - -Next populate the database by using the following command. - -```console -$ docker container run -it --rm \ - --mount type=bind,src=$(pwd)/grouper.hibernate.properties,dst=/run/secrets/grouper_grouper.hibernate.properties \ - tier/grouper gsh -registry -check -runscript -noprompt -``` - -Also, it is possible to just connect directly to the container, create the DDL, and copy it out. This is necessary if your DBAs would prefer to manually execute the DDL to create the schema objects: - -```console -$ docker container run -it --name grouper \ - --mount type=bind,src=$(pwd)/grouper.hibernate.properties,dst=/run/secrets/grouper_grouper.hibernate.properties \ - tier/grouper - - gsh -registry -check - - exit - -$ docker container cp grouper:/opt/grouper/grouper.apiBinary/ddlScripts/ . -$ docker container rm -f grouper -``` -The generated DDL will be on the host in the `ddlScripts` directory. - -Note: A less privileged database user maybe used when running the typical Grouper roles. 
This user just needs SELECT, INSERT, UPDATE, and DELETE privileges on the tables and views. Running in this configuration requires DBAs to manually run the DDL scripts. - -# Configuring the embedded Shibboleth SP - -The Shibboleth SP needs to be configured to integrate with one or more SAML IdPs. Reference the Shibboleth SP documentation for specific instructions, but here is information on generating an encryption key/cert pair and mounting them (all of which are environment specific) and the shibboleth2.xml into the container. - -1. Start a temporary container and generate the key/cert pair: - ``` - $ docker container run -it --name grouper \ - tier/grouper bash - - cd /etc/shibboleth - ./keygen.sh -f -h <public_hostname> - exit - ``` - -1. Copy the key, cert, and `shibboleth2.xml` files out of the container (and remove the container) - ```console - $ docker container cp grouper:/etc/shibboleth/shibboleth2.xml . - $ docker container cp grouper:/etc/shibboleth/sp-cert.pem . - $ docker container cp grouper:/etc/shibboleth/sp-key.pem . - - $ docker container rm grouper - ``` - -1. After updating the `shibboleth2.xml` file, save the key, cert, and shibboleth2.xml as secrets/config: - ```console - $ docker secret create sp-key.pem sp-key.pem - $ docker config create sp-cert.pem sp-cert.pem - $ docker config create shibboleth2.xml shibboleth2.xml - ``` - -1. Add the following to the UI service creation command to mount the environment specific settings: - ``` - --secret source=sp-key.pem.pem,target=shib_sp-key.pem \ - --config source=sp-cert.pem,target=/etc/shibboleth/sp-cert.pem \ - --config source=shibboleth2.xml,target=/etc/shibboleth/shibboleth2.xml \ - ``` - -# Logging - -This image outputs logs in a manner that is consistent with Docker Logging. Each log entry is prefaced with the submodule name (e.g. shibd, httpd, tomcat, grouper), the logfile name (e.g. access_log, grouper_error.log, catalina.out) and user definable environment name and a user definable token. 
Content found after the preface will be specific to the application ands its logging configuration. - -> Note: If customizing a particular component's logging, it is recommended that the file be source from the image (`docker container cp`) or from the image's source repository. - -To assign the "environment" string, set the environment variable `ENV` when defining the Docker service. For the "user defined token" string, use the environment variable of `USERTOKEN`. - -An example might look like the following, with the env of "dev" and the usertoken of "build-2" - -```text -shibd shibd.log dev build-2 2018-03-27 20:42:22 INFO Shibboleth.Listener : listener service starting -grouper-api grouper_event.log dev build-2 2018-03-27 21:10:00,046: [DefaultQuartzScheduler_Worker-1] INFO EventLog.info(156) - - [fdbb0099fe9e46e5be4371eb11250d39,'GrouperSystem','application'] session: start (0ms) -tomcat console dev build-2 Grouper starting up: version: 2.3.0, build date: null, env: <no label configured> -``` - # Misc Notes - [HTTP Strict Transport Security (HSTS)](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) is enabled on the Apache HTTP Server. diff --git a/common.bash b/common.bash index 22fbc6a9..cc96a899 100644 --- a/common.bash +++ b/common.bash @@ -1,2 +1,2 @@ -maintainer="tier" +maintainer="i2incommon" imagename="grouper" diff --git a/container_files/grouper.installer.properties b/container_files/grouper.installer.properties index c63c9d5f..207d0d61 100644 --- a/container_files/grouper.installer.properties +++ b/container_files/grouper.installer.properties 
@@ -1,46 +1,4 @@ -# this should be before the version number download.server.url = https://software.internet2.edu/grouper -# default version to install -grouper.version = 2.4.0 -# print out autorun keys in prompts so you can easily see how to configure the autorun -grouperInstaller.print.autorunKeys = true -# default to install or upgrade (default is install) -grouperInstaller.default.installOrUpgrade = install - -############################## -## Autorun properties -## -## If you uncomment one of these properties it will be used as empty, only uncomment to use -## -############################## - -grouperInstaller.autorun.forceInstallPatch = t -grouperInstaller.autorun.installAllPatches = false -grouperInstaller.autorun.installPatchesUpToACertainPatchLevel = true -# 2.4.0-a91-u56-w11-p12-20200210-rc1 -grouperInstaller.autorun.installPatchesUpToThesePatchLevels = grouper_v2_4_0_api_patch_91,grouper_v2_4_0_ui_patch_56,grouper_v2_4_0_ws_patch_11,grouper_v2_4_0_pspng_patch_12 - - -#### set this to true to try to use defaults for everything. 
Only things without default values will need to be set +grouperInstaller.default.installOrUpgrade = buildContainer grouperInstaller.autorun.useDefaultsAsMuchAsAvailable = true -########## AUTORUN PROPERTIES WITH NO DEFAULT OR ARE COMMONLY CHANGED -## Note: not all of them need to be filled out for all operations -# autorun grouper system password (its not secure to have a plain text pass in a config file) -grouperInstaller.autorun.grouperSystemPassword = XXXXXXXXXX - -grouperInstaller.autorun.deleteAndInitDatabase = t -grouperInstaller.autorun.addQuickstartData = f -grouperInstaller.autorun.installClient = f - -grouperInstaller.autorun.installGrouperActiveMqMessaging = f -grouperInstaller.autorun.activeMqWhereInstalled = /opt/grouper/2.4.0/grouper.apiBinary-2.4.0/ - -grouperInstaller.autorun.installGrouperAwsSqsMessaging = t -grouperInstaller.autorun.AwsSqsWhereInstalled = /opt/grouper/2.4.0/grouper.apiBinary-2.4.0/ - -grouperInstaller.autorun.installGrouperRabbitMqMessaging = t -grouperInstaller.autorun.rabbitMqWhereInstalled = /opt/grouper/2.4.0/grouper.apiBinary-2.4.0/ - -# disable installing pspng, for now -grouperInstaller.autorun.installPspng = t -grouperInstaller.autorun.installPsp = f +grouperInstaller.webAppWillBeInContainer = /opt/grouper/grouperWebapp diff --git a/container_files/httpd/grouper-www.conf b/container_files/httpd/grouper-www.conf index 562e47c6..1f948fd9 100644 --- a/container_files/httpd/grouper-www.conf +++ b/container_files/httpd/grouper-www.conf 
@@ -3,9 +3,9 @@ Timeout 2400 ProxyTimeout 2400 ProxyBadHeader Ignore -ProxyPass /grouper ajp://localhost:8009/grouper timeout=2400 -ProxyPass /grouper-ws ajp://localhost:8009/grouper-ws timeout=2400 -ProxyPass /grouper-ws-scim ajp://localhost:8009/grouper-ws-scim timeout=2400 +ProxyPass /grouper ajp://localhost:8009/grouperWebapp timeout=2400 +ProxyPass /grouper-ws ajp://localhost:8009/grouperWebapp timeout=2400 +ProxyPass /grouper-ws-scim ajp://localhost:8009/grouperWebapp timeout=2400 RewriteEngine on RewriteCond %{REQUEST_URI} "^/$" diff --git a/container_files/java-corretto/corretto-signing-key.pub b/container_files/java-corretto/corretto-signing-key.pub new file mode 100644 index 00000000..b0198ed7 --- /dev/null +++ b/container_files/java-corretto/corretto-signing-key.pub 
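Review bot: The three ProxyPass rules now send `/grouper`, `/grouper-ws` and `/grouper-ws-scim` to the same backend context `ajp://localhost:8009/grouperWebapp`, so Tomcat can no longer distinguish UI, WS and SCIM traffic by context path; which surface is served presumably comes from the GROUPER_UI/GROUPER_WS/GROUPER_SCIM exports that library.sh sets in this same commit, and whatever per-prefix authentication exists lives in `<Location>` blocks outside this hunk. That dependency is invisible here and should be stated above the rules, e.g. `# All three prefixes reach the single 2.5 webapp; which role it serves is selected by GROUPER_UI/GROUPER_WS/GROUPER_SCIM in library.sh, so per-prefix authentication must be enforced in the <Location> blocks, not by the backend context.` It is also worth re-checking that those `<Location>` rules still cover exactly these three prefixes after the merge, because a request reaching the wrong prefix is no longer rejected by a missing context.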
@@ -0,0 +1,30 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2.0.22 (GNU/Linux)
+
+mQINBF3pShkBEADJzglehQDFlc1+9VFubVPzpq8ZYtzmJkNjf09scOUzaKZOm3Ar
+mPh9Rufk4mB7t1LP4JeHAKAS17ggCHGVxRGXAAQ9Laf8ibX4SiFO3Ehyyl3smuFf
+ZhexBnvc7vRc4EUlKqarCQRUlaraDOrmq7WbhXdvCgc4u2uBLwUjAd3PHQUByAZw
+lsEQzpQnehNomjrE0pO6ms9AhmpbXlf/yr14EXvlo4lTd8QUdvS+AOCYfrHb9WGO
+IEsyyDuzuf2grV/QFpoi0VBhTCyiNYXla2AfCreMGlOCYsjw1nU93OyAqF3SaTOC
+o52yrzcb2NpbBDwRXOHNwe1md+DbRwEfkaWr5I91FqRpgEeawqyxY1miJRHduhsz
+WTgTMBF/EQfmTspD2YBX/BjNJTrdDXYvACX8slVV/vBnpi+dEpVEK3hh21ij991S
+lv8YoFnoC7XP44C7WNpVQpGW9ZWpnjLCvm3DMKW0r3Vfb3XDYhnHI1Q14Pxn0cwf
+x1L2RA4doyWd1TRZBFBe2f0vSkZT0YFaibKaKi6AkDIMU/+u+/e3wWbYXqzsSITj
+ffMkpMMNSwxbm8JqnsudjuzdEsYAiBUcFMwWysQDcyu63un2OmLKLfKxy19vCpS1
+8mkNy95JuO4jZtu+IiinvSSjlbJmslu3uK3/cTRsWaB7BRtHewE7SugMOwARAQAB
+tEhBbWF6b24gU2VydmljZXMgTExDIChBbWF6b24gQ29ycmV0dG8gcmVsZWFzZSkg
+PGNvcnJldHRvLXRlYW1AYW1hem9uLmNvbT6JAjEEEwECABsFAl3pShkCGy8FCQlm
+AYAFFQgKCQsCHgECF4AACgkQoSJUKrBPJOOJDg/6AqmntaxDWX6qfR++0qwtD9Lp
+vgONFvA+9AYQeGt7OX79O/SSPy97Kvn6DYRBdelShTAH60DbXCUs42sIRFqRjmHY
+HfIgOkUJjWoJz9oQnY+mzAKbOohCrR+YIvyCegFb0dboDaqSQ4w68+d1is7L84pz
+ZB2j0nrQDbFihPmR+epfHkLUGGywuZHCdEFfD8nXMOJeVbgSzf7Vhl8ZrydIkZTI
+7aASG5MkDO/GuVpEGQYAnH9h/jzJlfUKndswC6UFcM5Ol07pDPdHVBAi9q1SyxDe
+uSS1NgDW7OW7zgpB+4/PrZKKiEP/fBAWa9nFSLwTaMdsoaAuQAmmgbqYfy3XXKK7
+IBaKSnJpQDvNb0vmXJEY3qX2Bfh0p1KCeaQhYwIJi8rPQWC24fiLY9bdCIlkbbPQ
+CSNOEq9nUWRg9KbUGmd/PWSkT6Jheyq3BZBF1YPYEt8o/l437HHd08lREqH0sana
+Hb72GZTi2RUrNBBp5C1e8MqllXE6RKmri2m0TSBHR5C4ZLII9duyA839dYIA4KGU
+nmetZckuRuwHFmd3/YWtMEfn47UedzhVT16z3OvBipHU1BKzLGcvUFXrUKvpJQlh
+dNPUQh+wb91EzItjkJ96m+N+81iQdN3yd8cE38NTA8b+Qc7tmTYxwNZxcv16FxLA
+y2VhKc09A8RwSI69vDs=
+=ZNRH
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/container_files/tier-support/grouper-ws-scim.xml b/container_files/tier-support/grouper-ws-scim.xml
deleted file mode 100644
index bb15b17a..00000000
--- a/container_files/tier-support/grouper-ws-scim.xml
+++ /dev/null
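Review bot: The vendored signing key carries no provenance: nothing in the repository records where it was fetched from or what its fingerprint is, so a reviewer cannot tell a genuine Corretto release key from a substituted one, and `rpm --import` trusts whatever this file contains. Add a short comment in the Dockerfile or a README next to the key giving the download URL and the fingerprint as published on the Corretto downloads page, and have the build compare that published fingerprint against the imported key (e.g. `gpg --show-keys corretto-signing-key.pub` before the import) rather than relying on the key file alone. Pinning the RPM by sha256 as well would make the download check independent of the key entirely.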
@@ -1,6 +0,0 @@ -<Context docBase="/opt/grouper/grouper.scim/" path="/grouper-ws-scim" reloadable="false"> - <!-- Allow our symlinks to work--> - <Resources allowLinking="true" /> -</Context> - - diff --git a/container_files/tier-support/grouper-ws.xml b/container_files/tier-support/grouper-ws.xml deleted file mode 100644 index b9aa6478..00000000 --- a/container_files/tier-support/grouper-ws.xml +++ /dev/null @@ -1,4 +0,0 @@ -<Context docBase="/opt/grouper/grouper.ws/" path="/grouper-ws" reloadable="false"> - <!-- Allow our symlinks to work--> - <Resources allowLinking="true" /> -</Context> diff --git a/container_files/tier-support/grouper.xml b/container_files/tier-support/grouper.xml index 22cfbd8a..fbc77266 100644 --- a/container_files/tier-support/grouper.xml +++ b/container_files/tier-support/grouper.xml @@ -1,4 +1,4 @@ -<Context docBase="/opt/grouper/grouper.ui/" path="/grouper" reloadable="false"> +<Context docBase="/opt/grouper/grouperWebapp/" path="/grouperWebapp" reloadable="false"> <!-- Allow our symlinks to work--> <Resources allowLinking="true" /> </Context> diff --git a/container_files/tier-support/supervisord-tomee.conf b/container_files/tier-support/supervisord-tomee.conf index 35e19488..63cfb278 100644 --- a/container_files/tier-support/supervisord-tomee.conf +++ b/container_files/tier-support/supervisord-tomee.conf @@ -21,6 +21,14 @@ stderr_logfile_maxbytes=0 stdout_logfile = /tmp/loghttpd stdout_logfile_maxbytes=0 +[program:shibbolethsp] +user=shibd +command=/usr/sbin/shibd -f -F +stderr_logfile = /tmp/logshidb +stderr_logfile_maxbytes=0 +stdout_logfile = /tmp/logshidb +stdout_logfile_maxbytes=0 + [program:tomee] user=tomcat command=/opt/tomee/bin/catalina.sh run diff --git a/container_files/tomcat/conf/server.xml b/container_files/tomcat/conf/server.xml.disabled similarity index 100% rename from container_files/tomcat/conf/server.xml rename to container_files/tomcat/conf/server.xml.disabled 
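Review bot: `[program:shibbolethsp]` is added to supervisord-tomee.conf unconditionally, and this same commit points the ui, ui-ws and ws entrypoints at that one file, so as far as the diff shows a ws-only container will also start shibd even though prepWS never exports RUN_SHIB_SP (only prepUI does); unless something outside the diff reads RUN_SHIB_SP and edits this config, the WS container gains a running SAML daemon it does not need. Gate it, for example `autostart=%(ENV_RUN_SHIB_SP)s` with every entrypoint exporting RUN_SHIB_SP explicitly (supervisord errors on an unset `ENV_` reference), or move the program into a separate conf that only the UI entrypoints load. The log paths `/tmp/logshidb` also look like a transposition of `logshibd`; the pipe created by setupShibdLogPipe is outside this hunk, but if its name differs, shibd output lands in a plain file instead of the structured log pipe.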
diff --git a/container_files/tomee/conf/server.xml b/container_files/tomee/conf/server.xml.disabled similarity index 99% rename from container_files/tomee/conf/server.xml rename to container_files/tomee/conf/server.xml.disabled index e5c89967..e09ea6fc 100644 --- a/container_files/tomee/conf/server.xml +++ b/container_files/tomee/conf/server.xml.disabled @@ -161,4 +161,4 @@ </Host> </Engine> </Service> -</Server> \ No newline at end of file +</Server> diff --git a/container_files/ui/web.xml b/container_files/ui/web.xml deleted file mode 100644 index f3aa302f..00000000 --- a/container_files/ui/web.xml +++ /dev/null 
@@ -1,89 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<web-app xmlns:j2ee="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" - version="2.4"> - <filter> - <filter-name>GrouperUi</filter-name> - <filter-class>edu.internet2.middleware.grouper.ui.GrouperUiFilter</filter-class> - </filter> - <filter> - <filter-name>CSRFGuard</filter-name> - <filter-class>org.owasp.csrfguard.CsrfGuardFilter</filter-class> - </filter> - <filter-mapping> - <filter-name>GrouperUi</filter-name> - <url-pattern>*.jsp</url-pattern> - </filter-mapping> - <filter-mapping> - <filter-name>GrouperUi</filter-name> - <url-pattern>/grouperUi/app/*</url-pattern> - </filter-mapping> - <filter-mapping> - <filter-name>GrouperUi</filter-name> - <url-pattern>/grouperUi/appHtml/*</url-pattern> - </filter-mapping> - <filter-mapping> - <filter-name>GrouperUi</filter-name> - <url-pattern>/grouperExternal/app/*</url-pattern> - </filter-mapping> - <filter-mapping> - <filter-name>GrouperUi</filter-name> - <url-pattern>/grouperExternal/public/UiV2Public.index</url-pattern> - </filter-mapping> - <filter-mapping> - <filter-name>GrouperUi</filter-name> - <url-pattern>/grouperExternal/public/UiV2Public.postIndex</url-pattern> - </filter-mapping> - <filter-mapping> - <filter-name>CSRFGuard</filter-name> - <url-pattern>/*</url-pattern> - </filter-mapping> - <listener> - <listener-class>edu.internet2.middleware.grouper.ui.GrouperSessionAttributeListener</listener-class> - </listener> - <listener> - <listener-class>org.owasp.csrfguard.CsrfGuardServletContextListener</listener-class> - </listener> - <listener> - <listener-class>org.owasp.csrfguard.CsrfGuardHttpSessionListener</listener-class> - </listener> - <servlet> - <servlet-name>StatusServlet</servlet-name> - <display-name>Status Servlet</display-name> - 
<servlet-class>edu.internet2.middleware.grouper.j2ee.status.GrouperStatusServlet</servlet-class> - <load-on-startup>1</load-on-startup> - </servlet> - <servlet> - <servlet-name>UiServlet</servlet-name> - <servlet-class>edu.internet2.middleware.grouper.j2ee.GrouperUiRestServlet</servlet-class> - <load-on-startup>1</load-on-startup> - </servlet> - <servlet> - <servlet-name>OwaspJavaScriptServlet</servlet-name> - <servlet-class>org.owasp.csrfguard.servlet.JavaScriptServlet</servlet-class> - </servlet> - <servlet-mapping> - <servlet-name>StatusServlet</servlet-name> - <url-pattern>/status</url-pattern> - </servlet-mapping> - <servlet-mapping> - <servlet-name>UiServlet</servlet-name> - <url-pattern>/grouperUi/app/*</url-pattern> - </servlet-mapping> - <servlet-mapping> - <servlet-name>UiServlet</servlet-name> - <url-pattern>/grouperExternal/app/*</url-pattern> - </servlet-mapping> - <servlet-mapping> - <servlet-name>UiServlet</servlet-name> - <url-pattern>/grouperExternal/public/UiV2Public.index</url-pattern> - </servlet-mapping> - <servlet-mapping> - <servlet-name>UiServlet</servlet-name> - <url-pattern>/grouperExternal/public/UiV2Public.postIndex</url-pattern> - </servlet-mapping> - <servlet-mapping> - <servlet-name>OwaspJavaScriptServlet</servlet-name> - <url-pattern>/grouperExternal/public/OwaspJavaScriptServlet</url-pattern> - </servlet-mapping> -</web-app> diff --git a/container_files/usr-local-bin/gsh b/container_files/usr-local-bin/gsh index e65979ab..1473da7e 100755 --- a/container_files/usr-local-bin/gsh +++ b/container_files/usr-local-bin/gsh @@ -6,4 +6,4 @@ prepDaemon export GSH_JVMARGS="$GSH_JVMARGS -DENV=$ENV -DUSERTOKEN=$USERTOKEN" -exec bin/gsh "$@" | tee /tmp/loggrouper +exec bin/gsh.sh "$@" | tee /tmp/loggrouper diff --git a/container_files/usr-local-bin/library.sh b/container_files/usr-local-bin/library.sh index 5d3790af..c1a1f224 100755 --- a/container_files/usr-local-bin/library.sh +++ b/container_files/usr-local-bin/library.sh 
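Review bot: `exec bin/gsh.sh "$@" | tee /tmp/loggrouper` discards gsh's exit status: the wrapper's status is tee's, and `exec` inside a pipeline only replaces the subshell of that pipe stage, so a failed script run looks like success to any CI job or init script that invokes this wrapper. If the file runs under bash, `set -o pipefail` before the pipeline, or `bin/gsh.sh "$@" | tee /tmp/loggrouper; exit "${PIPESTATUS[0]}"`, fixes it; under plain sh the pipe has to be restructured. The shebang and the `cd` that makes `bin/gsh.sh` resolvable are outside the hunk.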
@@ -1,5 +1,12 @@ #!/bin/sh +dest=/opt/grouper/grouperWebapp/WEB-INF/ + +if [ -d "/opt/grouper/slashRoot" ]; then + # Copy any files into the root filesystem + rsync -l -r -v /opt/grouper/slashRoot/ / +fi + setupPipe() { if [ -e $1 ]; then rm $1 @@ -31,7 +38,7 @@ setupShibdLogPipe() { setupTomcatLogPipe() { setupPipe /tmp/logtomcat - (cat <> /tmp/logtomcat | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "tomcat;console;%s;%s;%s\n", ENV, UT, $0; fflush()}' &>/tmp/logpipe) & + (cat <> /tmp/logtomcat | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "tomee;console;%s;%s;%s\n", ENV, UT, $0; fflush()}' &>/tmp/logpipe) & } setupSupervisordLogPipe() { @@ -45,7 +52,7 @@ linkGrouperSecrets() { local file=$(echo $label_file| cut -d'_' -f 2) if [[ $label_file == grouper_* ]]; then - ln -sf /run/secrets/$label_file $1/$file + ln -sf /run/secrets/$label_file $dest/classes/$file elif [[ $label_file == shib_* ]]; then ln -sf /run/secrets/$label_file /etc/shibboleth/$file elif [[ $label_file == httpd_* ]]; then @@ -57,16 +64,19 @@ linkGrouperSecrets() { } prepDaemon() { + export GROUPER_DAEMON=true + export RUN_TOMEE=true + setupLoggingPipe setupGrouperLogPipe + cp /opt/tier-support/grouper.xml /opt/tomee/conf/Catalina/localhost/ } prepDaemonConf() { - local dest=/opt/grouper/grouper.apiBinary - linkGrouperSecrets $dest/conf + linkGrouperSecrets $dest if [ -d "/opt/grouper/conf" ]; then - cp -r /opt/grouper/conf/* $dest/conf/ + cp -r /opt/grouper/conf/* $dest/classes/ fi if [ -d "/opt/grouper/lib" ]; then cp -r /opt/grouper/lib/* $dest/lib/custom/ 
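Review bot: The new `rsync -l -r -v /opt/grouper/slashRoot/ /` overlays whatever is under slashRoot onto the container root with no restriction on what may be replaced, so a writable mount (or a compromised repository feeding it) can swap out library.sh itself, /etc/shibboleth/*, or the httpd and shibd binaries at start-up, and with `-l` a symlink pointing at /run/secrets can be planted anywhere; as far as the hunk shows this runs before any privilege drop. If the intent is only to drop in site files, state the trust assumption above the block, `# slashRoot is fully trusted: any path under it replaces the same path in the image`, mount it read-only, and consider sending the `-v` listing somewhere other than stdout, which the structured log pipes set up later expect to own. Also confirm rsync is present in the runtime image; under `#!/bin/sh` without `set -e` a missing binary just prints an error and the overlay is silently skipped.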
@@ -74,17 +84,21 @@ prepDaemonConf() { } prepSCIM() { + export GROUPER_SCIM=true + export RUN_APACHE=true + export RUN_TOMEE=true + setupLoggingPipe setupGrouperLogPipe setupHttpdLogPipe setupTomcatLogPipe - cp /opt/tier-support/grouper-ws-scim.xml /opt/tomee/conf/Catalina/localhost/ + cp /opt/tier-support/grouper.xml /opt/tomee/conf/Catalina/localhost/ + } prepSCIMConf() { - local dest=/opt/grouper/grouper.scim/WEB-INF linkGrouperSecrets $dest/classes if [ -d "/opt/grouper/conf" ]; then @@ -96,6 +110,11 @@ prepSCIMConf() { } prepUI() { + export GROUPER_UI=true + export RUN_APACHE=true + export RUN_SHIB_SP=true + export RUN_TOMEE=true + setupLoggingPipe setupGrouperLogPipe setupHttpdLogPipe @@ -103,11 +122,10 @@ prepUI() { setupTomcatLogPipe setupSupervisordLogPipe - cp /opt/tier-support/grouper.xml /opt/tomcat/conf/Catalina/localhost/ + cp /opt/tier-support/grouper.xml /opt/tomee/conf/Catalina/localhost/ } prepUIConf() { - local dest=/opt/grouper/grouper.ui/WEB-INF linkGrouperSecrets $dest/classes if [ -d "/opt/grouper/conf" ]; then @@ -119,17 +137,20 @@ prepUIConf() { } prepWS() { + + export GROUPER_WS=true + export RUN_APACHE=true + export RUN_TOMEE=true setupLoggingPipe setupGrouperLogPipe setupHttpdLogPipe setupTomcatLogPipe setupSupervisordLogPipe - cp /opt/tier-support/grouper-ws.xml /opt/tomcat/conf/Catalina/localhost/ + cp /opt/tier-support/grouper.xml /opt/tomee/conf/Catalina/localhost/ } prepWSConf() { - local dest=/opt/grouper/grouper.ws/WEB-INF linkGrouperSecrets $dest/classes if [ -d "/opt/grouper/conf" ]; then @@ -146,4 +167,4 @@ prepConf() { prepSCIMConf prepUIConf prepWSConf -} \ No newline at end of file +} diff --git a/container_files/usr-local-bin/ui b/container_files/usr-local-bin/ui index a03ed585..dee276bd 100755 --- a/container_files/usr-local-bin/ui +++ b/container_files/usr-local-bin/ui 
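Review bot: The argument passed to linkGrouperSecrets is inconsistent across the prep*Conf functions: prepDaemonConf now calls `linkGrouperSecrets $dest` while prepSCIMConf, prepUIConf and prepWSConf keep `linkGrouperSecrets $dest/classes`, yet the grouper_* branch of linkGrouperSecrets (changed earlier in this file) links to the fixed `$dest/classes/$file` and ignores its parameter, so the difference is either dead or one caller is wrong. As far as the visible hunks show only the shib_* branch uses a fixed path too and the httpd_* branch is cut off, so either drop the parameter entirely or make every caller pass the same value and say why in a comment. Since all four functions now share one `$dest`, prepConf also links the same secrets four times; harmless, but worth a `# idempotent: each prep*Conf relinks the same WEB-INF/classes` note so nobody "fixes" it into something that is not.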
@@ -6,4 +6,4 @@ prepUI export LD_LIBRARY_PATH=/opt/shibboleth/lib64:$LD_LIBRARY_PATH -exec /usr/bin/supervisord -c /opt/tier-support/supervisord-tomcat.conf +exec /usr/bin/supervisord -c /opt/tier-support/supervisord-tomee.conf diff --git a/container_files/usr-local-bin/ui-ws b/container_files/usr-local-bin/ui-ws index de1384c4..5c78d720 100755 --- a/container_files/usr-local-bin/ui-ws +++ b/container_files/usr-local-bin/ui-ws @@ -7,4 +7,4 @@ prepWS export LD_LIBRARY_PATH=/opt/shibboleth/lib64:$LD_LIBRARY_PATH -/usr/bin/supervisord -c /opt/tier-support/supervisord-tomcat.conf +exec /usr/bin/supervisord -c /opt/tier-support/supervisord-tomee.conf diff --git a/container_files/usr-local-bin/ws b/container_files/usr-local-bin/ws index 0e10b688..2cad6dbd 100755 --- a/container_files/usr-local-bin/ws +++ b/container_files/usr-local-bin/ws @@ -4,4 +4,4 @@ prepWS -exec /usr/bin/supervisord -c /opt/tier-support/supervisord-tomcat.conf +exec /usr/bin/supervisord -c /opt/tier-support/supervisord-tomee.conf diff --git a/manualBuild.sh b/manualBuild.sh index 67b7d8a8..16fcc3f4 100755 --- a/manualBuild.sh +++ b/manualBuild.sh @@ -1,4 +1,4 @@ -docker build --pull --tag=tier/grouper:latest . \ +docker build --pull --tag=itap/grouper:latest . \ if [[ "$OSTYPE" == "darwin"* ]]; then say build complete diff --git a/test-compose/configs-and-secrets/grouper/morphString.properties b/test-compose/configs-and-secrets/grouper/morphString.properties new file mode 100644 index 00000000..52479216 --- /dev/null +++ b/test-compose/configs-and-secrets/grouper/morphString.properties @@ -0,0 +1 @@ +encrypt.key=fh43IRJ4Nf5 diff --git a/test-compose/daemon/Dockerfile b/test-compose/daemon/Dockerfile index f6203505..58d5868b 100644 --- a/test-compose/daemon/Dockerfile +++ b/test-compose/daemon/Dockerfile @@ -1,4 +1,4 @@ -FROM tier/grouper:latest +FROM itap/grouper:latest LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" 
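Review bot: `encrypt.key=fh43IRJ4Nf5` commits a live morphString key to the repository; in Grouper this key is what morphString uses to decrypt the encrypted passwords in the other properties files, so anyone with read access to the repo can recover whatever is encrypted under it, and an 11-character key is short for that role. For a throwaway test-compose fixture that may be acceptable, but it must be marked as such and never copied into a real deployment: add `# Test-only key for test-compose; generate a fresh one for any real deployment` as the first line, and preferably have the compose setup generate the file (e.g. `head -c 24 /dev/urandom | base64`) instead of committing it.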
diff --git a/test-compose/data/Dockerfile b/test-compose/data/Dockerfile index e4ffb7f8..5635878d 100644 --- a/test-compose/data/Dockerfile +++ b/test-compose/data/Dockerfile @@ -1,9 +1,9 @@ -FROM tier/grouper:latest +FROM itap/grouper:latest LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" COPY container_files/seed-data/ /seed-data/ -COPY container_files/conf/ /opt/grouper/grouper.apiBinary/conf/ +COPY container_files/conf/ /opt/grouper/grouperWebapp/WEB-INF/classes/ RUN yum install -y epel-release \ && yum update -y \ @@ -44,8 +44,8 @@ RUN (/usr/sbin/ns-slapd -D /etc/dirsrv/slapd-dir &) \ && while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \ (mysqld_safe & ) \ && while ! curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to start; sleep 1; done; \ - bin/gsh -registry -check -runscript -noprompt \ - && bin/gsh /seed-data/bootstrap.gsh + /opt/grouper/grouperWebapp/WEB-INF/bin/gsh.sh -registry -check -runscript -noprompt \ + && /opt/grouper/grouperWebapp/WEB-INF/bin/gsh.sh /seed-data/bootstrap.gsh EXPOSE 389 3306 diff --git a/test-compose/data/container_files/conf/grouper.client.properties b/test-compose/data/container_files/conf/grouper.client.properties new file mode 100644 index 00000000..dcc50ae7 --- /dev/null +++ b/test-compose/data/container_files/conf/grouper.client.properties 
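Review bot: `COPY container_files/conf/ /opt/grouper/grouperWebapp/WEB-INF/classes/` bakes the whole conf directory, including the morphString.properties key and grouper.client.properties added in this commit, into an image layer, so the key ships with every push of the data image regardless of the `morphString.properties` Docker secret the compose file also mounts, and the two copies must stay identical or the build-time gsh bootstrap and the running services will encrypt with different keys. If the conf is only needed for the build-time `gsh.sh -registry -check` step, mount it for that `RUN` with BuildKit's `--mount=type=bind` (or `--mount=type=secret` for the key) and leave the runtime copy to the secret; if it must stay in the image, say so with `# test-only image: conf (incl. morphString key) is baked into the layer on purpose`. `FROM itap/grouper:latest` is pre-existing but still an unpinned tag, so this image is rebuilt against whatever base happens to be current.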
@@ -0,0 +1,112 @@ +# +# Copyright 2014 Internet2 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# +# Grouper client configuration +# $Id: grouper.client.example.properties,v 1.24 2009-12-30 04:23:02 mchyzer Exp $ +# + +# The grouper client uses Grouper Configuration Overlays (documented on wiki) +# By default the configuration is read from grouper.client.base.properties +# (which should not be edited), and the grouper.client.properties overlays +# the base settings. See the grouper.client.base.properties for the possible +# settings that can be applied to the grouper.client.properties + +######################################## +## LDAP connection settings +######################################## + +# url of directory, including the base DN (distinguished name) +# e.g. ldap://server.school.edu/dc=school,dc=edu +# e.g. ldaps://server.school.edu/dc=school,dc=edu +grouperClient.ldap.url = + +# kerberos principal used to connect to ldap +grouperClient.ldap.login = + +# password for shared secret authentication to ldap +# or you can put a filename with an encrypted password +grouperClient.ldap.password = + +######################################## +## Web service Connection settings +######################################## + +# url of web service, should include everything up to the first resource to access +# e.g. http://groups.school.edu:8090/grouper-ws/servicesRest +# e.g. 
https://groups.school.edu/grouper-ws/servicesRest +grouperClient.webService.url = https://ws/grouper-ws/servicesRest + +# kerberos principal used to connect to web service +grouperClient.webService.login = banderson + +# password for shared secret authentication to web service +# or you can put a filename with an encrypted password +grouperClient.webService.password.elConfig = ${java.lang.System.getenv().get('GROUPER_CLIENT_WEBSERVICE_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(java.lang.System.getenv().get('GROUPER_CLIENT_WEBSERVICE_PASSWORD_FILE'), "utf-8") : java.lang.System.getenv().get('GROUPER_CLIENT_WEBSERVICE_PASSWORD') } + + +################################ +## Grouper Messaging System +################################ + +# name of messaging system which is the default +grouper.messaging.default.name.of.messaging.system = rabbitmq + +# name of a messaging system. note, "grouperBuiltinMessaging" can be arbitrary +# grouper.messaging.system.grouperBuiltinMessaging.name = grouperBuiltinMessaging + +# class that implements edu.internet2.middleware.grouperClient.messaging.GrouperMessagingSystem +# grouper.messaging.system.grouperBuiltinMessaging.class = edu.internet2.middleware.grouper.messaging.GrouperBuiltinMessagingSystem + +# name of a messaging system. 
note, "grouperBuiltinMessaging" can be arbitrary +grouper.messaging.system.rabbitmqSystem.name = rabbitmqSystem + +# class that implements edu.internet2.middleware.grouperClient.messaging.GrouperMessagingSystem +grouper.messaging.system.rabbitmqSystem.class = edu.internet2.middleware.grouperMessagingRabbitmq.GrouperMessagingRabbitmqSystem + +# host address of rabbitmq queue +grouper.messaging.system.rabbitmqSystem.host = rabbitmq + +# virtual host of rabbitmq queue +grouper.messaging.system.rabbitmqSystem.virtualhost = + +# port of rabbitmq queue +grouper.messaging.system.rabbitmqSystem.port = + +grouper.messaging.system.rabbitmqSystem.defaultPageSize = 10 + +grouper.messaging.system.rabbitmqSystem.maxPageSize = 50 + + +# name of a messaging system, required +grouper.messaging.system.rabbitmq.name = rabbitmq + +# default system settings to this messaging system, note, there is only one level of inheritance +grouper.messaging.system.rabbitmq.defaultSystemName = rabbitmqSystem + +grouper.messaging.system.rabbitmq.user = guest + +#pass +grouper.messaging.system.rabbitmq.password.elConfig = ${java.lang.System.getenv().get('RABBITMQ_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(java.lang.System.getenv().get('RABBITMQ_PASSWORD_FILE'), "utf-8") : java.lang.System.getenv().get('RABBITMQ_PASSWORD') } +# set the following three properties if you want to use TLS connection to rabbitmq. All three need to be populated. +# TLS Version +#grouper.messaging.system.rabbitmqSystem.tlsVersion = TLSv1.1 + +# path to trust store file +#grouper.messaging.system.rabbitmqSystem.pathToTrustStore = + +# trust passphrase +#grouper.messaging.system.rabbitmqSystem.trustPassphrase = \ No newline at end of file diff --git a/test-compose/data/container_files/conf/morphString.properties b/test-compose/data/container_files/conf/morphString.properties new file mode 100644 index 00000000..52479216 --- /dev/null 
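Review bot: Both `*.password.elConfig` expressions read the secret with `FileUtils.readFileToString(...)`, which returns the file verbatim, so a secret file that ends in a newline (the normal result of `echo` or an editor) yields a password with a trailing newline and authentication fails in a way that is hard to diagnose; ending each expression with `.trim()` on the string result avoids that, assuming the EL engine accepts method calls on the value as it already does for `getenv().get`. The `GROUPER_CLIENT_WEBSERVICE_PASSWORD` and `RABBITMQ_PASSWORD` environment fallbacks expose the secret through `docker inspect` and inherited child environments, so note beside them that the `_FILE` form is the intended path and the plain variable is a convenience for local runs only. `grouper.messaging.system.rabbitmq.user = guest` is RabbitMQ's built-in default account, which the broker by default only accepts from loopback; the rabbitmq container presumably overrides that, and a one-line comment saying so would save the next reader a debugging session.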
+++ b/test-compose/data/container_files/conf/morphString.properties @@ -0,0 +1 @@ +encrypt.key=fh43IRJ4Nf5 diff --git a/test-compose/docker-compose.yml b/test-compose/docker-compose.yml index c0e21ed3..e4eb940f 100644 --- a/test-compose/docker-compose.yml +++ b/test-compose/docker-compose.yml @@ -207,6 +207,8 @@ services: target: grouper_grouper-loader.properties - source: subject.properties target: grouper_subject.properties + - source: morphString.properties + target: grouper_morphString.properties volumes: - type: bind source: ./configs-and-secrets/grouper/grouper.properties @@ -267,6 +269,9 @@ secrets: file: ./configs-and-secrets/grouper/subject.properties sp-key.pem: file: ./configs-and-secrets/shibboleth/sp-key.pem + morphString.properties: + file: ./configs-and-secrets/grouper/morphString.properties + volumes: diff --git a/test-compose/gsh/Dockerfile b/test-compose/gsh/Dockerfile index 33023280..5d0cf039 100644 --- a/test-compose/gsh/Dockerfile +++ b/test-compose/gsh/Dockerfile @@ -1,4 +1,4 @@ -FROM tier/grouper:latest +FROM itap/grouper:latest MAINTAINER tier-packaging@internet2.edu <tier-packaging@internet2.edu> diff --git a/test-compose/scim/Dockerfile b/test-compose/scim/Dockerfile index 6b62e1fc..df8d5d73 100644 --- a/test-compose/scim/Dockerfile +++ b/test-compose/scim/Dockerfile @@ -1,4 +1,4 @@ -FROM tier/grouper:latest +FROM itap/grouper:latest LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" diff --git a/test-compose/ui/Dockerfile b/test-compose/ui/Dockerfile index 8fec2ae0..059db78f 100644 --- a/test-compose/ui/Dockerfile +++ b/test-compose/ui/Dockerfile @@ -1,4 +1,4 @@ -FROM tier/grouper:latest +FROM itap/grouper:latest LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" diff --git a/test-compose/ws/Dockerfile b/test-compose/ws/Dockerfile index f5c06b96..c56b6972 100644 --- a/test-compose/ws/Dockerfile +++ b/test-compose/ws/Dockerfile 
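Review bot: The new `morphString.properties` secret is sourced from `./configs-and-secrets/grouper/morphString.properties`, while this same commit adds a byte-identical copy under `test-compose/data/container_files/conf/` that the data image bakes in; two independent copies of a key that must match will drift the first time someone rotates one of them. Until the fixture generates the key in one place, record the coupling next to the secret definition, `# must match test-compose/data/container_files/conf/morphString.properties (baked into the data image)`, so a rotation touches both.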
@@ -1,4 +1,4 @@ -FROM tier/grouper:latest +FROM itap/grouper:latest LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>"