diff --git a/.gitignore b/.gitignore
index 811f8fa7..cb7d7046 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,4 @@ bin/run.sh
bin/start.sh
bin/stop.sh
bin/test.sh
+/.project
diff --git a/Dockerfile b/Dockerfile
index 6fdf32bd..98d4de5a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,98 +1,4 @@
-FROM centos:centos7 as installing
-
-RUN yum update -y \
- && yum install -y wget tar unzip dos2unix \
- && yum clean all
-
-ARG GROUPER_CONTAINER_VERSION
-
-ENV GROUPER_VERSION=2.4.0 \
- JAVA_HOME=/usr/lib/jvm/zulu-8/ \
- GROUPER_CONTAINER_VERSION=$GROUPER_CONTAINER_VERSION
-
-# use Zulu package
-RUN rpm --import http://repos.azulsystems.com/RPM-GPG-KEY-azulsystems \
- && curl -o /etc/yum.repos.d/zulu.repo http://repos.azulsystems.com/rhel/zulu.repo \
- && yum -y install zulu-8
-
-#RUN java_version=8.0.172; \
-# zulu_version=8.30.0.1; \
-# echo 'Downloading the OpenJDK Zulu...' \
-# && wget -q http://cdn.azul.com/zulu/bin/zulu$zulu_version-jdk$java_version-linux_x64.tar.gz \
-# && echo "0a101a592a177c1c7bc63738d7bc2930 zulu$zulu_version-jdk$java_version-linux_x64.tar.gz" | md5sum -c - \
-# && tar -zxvf zulu$zulu_version-jdk$java_version-linux_x64.tar.gz -C /opt \
-# && ln -s /opt/zulu$zulu_version-jdk$java_version-linux_x64 $JAVA_HOME
-
-#RUN java_version=8u151; \
-# java_bnumber=12; \
-# java_semver=1.8.0_151; \
-# java_hash=123b1d755416aa7579abc03f01ab946e612e141b6f7564130f2ada00ed913f1d; \
-# echo 'Downloading the Oracle Java...' \
-# && wget --no-check-certificate --no-cookies --header "Cookie: oraclelicense=accept-securebackup-cookie" \
-# http://download.oracle.com/otn-pub/java/jdk/$java_version-b$java_bnumber/e758a0de34e24606bca991d704f6dcbf/server-jre-$java_version-linux-x64.tar.gz \
-# && echo "$java_hash server-jre-$java_version-linux-x64.tar.gz" | sha256sum -c - \
-# && tar -zxvf server-jre-$java_version-linux-x64.tar.gz -C /opt \
-# && ln -s /opt/jdk$java_semver/ $JAVA_HOME
-
-RUN echo 'Downloading Grouper Installer...' \
- && mkdir -p /opt/grouper/$GROUPER_VERSION \
- && wget -q -O /opt/grouper/$GROUPER_VERSION/grouperInstaller.jar http://software.internet2.edu/grouper/release/$GROUPER_VERSION/grouperInstaller.jar
-
-COPY container_files/grouper.installer.properties /opt/grouper/$GROUPER_VERSION
-# Temporary morphString file used for building, not used in production
-COPY container_files/morphString.properties /opt/grouper/$GROUPER_VERSION
-
-
-RUN echo 'Installing Grouper'; \
- PATH=$PATH:$JAVA_HOME/bin; \
- cd /opt/grouper/$GROUPER_VERSION/ \
- && $JAVA_HOME/bin/java -cp :grouperInstaller.jar edu.internet2.middleware.grouperInstaller.GrouperInstaller
-
-
-
-FROM centos:centos7 as cleanup
-
-ENV GROUPER_VERSION=2.4.0 \
- TOMCAT_VERSION=8.5.42 \
- TOMEE_VERSION=7.0.0
-
-COPY --from=installing /opt/grouper/$GROUPER_VERSION/grouperInstaller.jar /opt/grouper/
-COPY --from=installing /opt/grouper/$GROUPER_VERSION/grouper.apiBinary-$GROUPER_VERSION/ /opt/grouper/grouper.apiBinary/
-COPY --from=installing /opt/grouper/$GROUPER_VERSION/grouper.ui-$GROUPER_VERSION/dist/grouper/ /opt/grouper/grouper.ui/
-COPY --from=installing /opt/grouper/$GROUPER_VERSION/grouper.ws-$GROUPER_VERSION/grouper-ws/build/dist/grouper-ws/ /opt/grouper/grouper.ws/
-COPY --from=installing /opt/grouper/$GROUPER_VERSION/grouper.ws-$GROUPER_VERSION/grouper-ws-scim/targetBuiltin/grouper-ws-scim/ /opt/grouper/grouper.scim/
-#COPY --from=installing /opt/grouper/$GROUPER_VERSION/grouper.clientBinary-$GROUPER_VERSION/ /opt/grouper/grouper.clientBinary/
-COPY --from=installing /opt/grouper/$GROUPER_VERSION/apache-tomcat-$TOMCAT_VERSION/ /opt/tomcat/
-COPY --from=installing /opt/grouper/$GROUPER_VERSION/apache-tomee-webprofile-$TOMEE_VERSION/ /opt/tomee/
-COPY --from=installing /etc/alternatives/java /etc/alternatives/java
-
-ADD https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.11.0/log4j-core-2.11.0.jar /opt/tomcat/bin
-ADD https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.11.0/log4j-api-2.11.0.jar /opt/tomcat/bin
-ADD https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-jul/2.11.0/log4j-jul-2.11.0.jar /opt/tomcat/bin
-
-ADD https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.11.0/log4j-core-2.11.0.jar /opt/tomee/bin
-ADD https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.11.0/log4j-api-2.11.0.jar /opt/tomee/bin
-ADD https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-jul/2.11.0/log4j-jul-2.11.0.jar /opt/tomee/bin
-
-RUN cd /opt/grouper/grouper.apiBinary/; \
- rm -fr ddlScripts/ grouper.properties grouper.lck grouper.log grouper.script grouper.tmp/ gshAddGrouperSystemWsGroup.gsh logs/
-
-RUN cd /opt/tomcat/; \
- chmod +r bin/log4j-*.jar; \
- rm -fr webapps/docs/ webapps/examples/ webapps/host-manager/ webapps/manager/ webapps/ROOT/ logs/* temp/* work/* conf/logging.properties
-
-RUN cd /opt/tomee/; \
- chmod +r bin/log4j-*.jar; \
- rm -fr webapps/docs/ webapps/host-manager/ webapps/manager/ logs/* temp/* work/* conf/logging.properties
-
-COPY container_files/api/* /opt/grouper/grouper.apiBinary/conf/
-COPY container_files/ui/ /opt/grouper/grouper.ui/WEB-INF/
-COPY container_files/ws/ /opt/grouper/grouper.ws/WEB-INF/
-COPY container_files/tomcat/ /opt/tomcat/
-COPY container_files/tomee/ /opt/tomee/
-
-
-FROM tier/shibboleth_sp:3.0.4_03122019
+FROM tier/shibboleth_sp:3.1.0_04172020
LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
Vendor="TIER" \
@@ -100,55 +6,45 @@ LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
ImageName=$imagename \
ImageOS=centos7
-ARG GROUPER_CONTAINER_VERSION
-
-ENV JAVA_HOME=/usr/lib/jvm/zulu-8/ \
- PATH=$PATH:$JAVA_HOME/bin \
- GROUPER_HOME=/opt/grouper/grouper.apiBinary \
- GROUPER_CONTAINER_VERSION=$GROUPER_CONTAINER_VERSION
-
-RUN ln -sf /usr/share/zoneinfo/UTC /etc/localtime
-RUN yum update -y \
- && yum install -y cron logrotate python-pip \
- && pip install --upgrade pip \
- && pip install supervisor \
- && yum clean -y all
-
-COPY --from=installing $JAVA_HOME $JAVA_HOME
-COPY --from=cleanup /opt/tomcat/ /opt/tomcat/
-COPY --from=cleanup /opt/tomee/ /opt/tomee/
-COPY --from=cleanup /opt/grouper/ /opt/grouper/
+# see output with DOCKER_BUILDKIT=0 docker build . --tag my:grouper
RUN groupadd -r tomcat \
- && useradd -r -m -s /sbin/nologin -g tomcat tomcat \
- && mkdir -p /opt/tomcat/logs/ /opt/tomcat/temp/ /opt/tomcat/work/ \
- && chown -R tomcat:tomcat /opt/tomcat/logs/ /opt/tomcat/temp/ /opt/tomcat/work/ \
- && chown -R tomcat:tomcat /opt/tomee/logs/ /opt/tomee/temp/ /opt/tomee/work/ \
- && ln -s $JAVA_HOME/bin/java /etc/alternatives/java
+ && useradd -r -m -s /sbin/nologin -g tomcat tomcat
+
+ARG GROUPER_CONTAINER_VERSION
-# does shib sp3 not generate these files?
-# RUN rm /etc/shibboleth/sp-key.pem /etc/shibboleth/sp-cert.pem
+ENV GROUPER_VERSION=2.6.14 \
+ GROUPER_CONTAINER_VERSION=$GROUPER_CONTAINER_VERSION \
+ JAVA_HOME=/usr/lib/jvm/java-1.8.0-amazon-corretto \
+ PATH=$PATH:$JAVA_HOME/bin \
+ GROUPER_HOME=/opt/grouper/grouperWebapp/WEB-INF
-COPY container_files/tier-support/ /opt/tier-support/
-COPY container_files/usr-local-bin/ /usr/local/bin/
-COPY container_files/httpd/* /etc/httpd/conf.d/
-COPY container_files/shibboleth/* /etc/shibboleth/
+COPY container_files/ /opt/container_files/
-RUN cp /dev/null /etc/httpd/conf.d/ssl.conf \
- && sed -i 's/LogFormat "/LogFormat "httpd;access_log;%{ENV}e;%{USERTOKEN}e;/g' /etc/httpd/conf/httpd.conf \
- && echo -e "\nErrorLogFormat \"httpd;error_log;%{ENV}e;%{USERTOKEN}e;[%{u}t] [%-m:%l] [pid %P:tid %T] %7F: %E: [client\ %a] %M% ,\ referer\ %{Referer}i\"" >> /etc/httpd/conf/httpd.conf \
- && sed -i 's/CustomLog "logs\/access_log"/CustomLog "\/tmp\/logpipe"/g' /etc/httpd/conf/httpd.conf \
- && sed -i 's/ErrorLog "logs\/error_log"/ErrorLog "\/tmp\/logpipe"/g' /etc/httpd/conf/httpd.conf \
- && echo -e "\nPassEnv ENV" >> /etc/httpd/conf/httpd.conf \
- && echo -e "\nPassEnv USERTOKEN" >> /etc/httpd/conf/httpd.conf
+# only needed if not building grouper (testing container)
+#RUN mkdir -p /opt/grouper/$GROUPER_VERSION/container/tomee
+#RUN mkdir -p /opt/grouper/$GROUPER_VERSION/container/webapp
+#COPY grouper-installer-2.6.14.jar /opt/grouper/$GROUPER_VERSION/grouperInstaller.jar
+#COPY opt_tomee/ /opt/grouper/$GROUPER_VERSION/container/tomee/
+#COPY opt_grouper/ /opt/grouper/$GROUPER_VERSION/container/webapp/
+# end if not need building container
-WORKDIR /opt/grouper/grouper.apiBinary/
+# Install Corretto Java JDK
+#Corretto download page: https://docs.aws.amazon.com/corretto/latest/corretto-8-ug/downloads-list.html
+ARG CORRETTO_URL_PERM=https://corretto.aws/downloads/latest/amazon-corretto-8-x64-linux-jdk.rpm
+ARG CORRETTO_RPM=amazon-corretto-8-x64-linux-jdk.rpm
-EXPOSE 80 443
+RUN chmod +x /opt/container_files/*.sh \
+ && /opt/container_files/containerDockerfileInstall.sh $CORRETTO_URL_PERM $CORRETTO_RPM $JAVA_HOME $GROUPER_VERSION
+WORKDIR /opt/grouper/grouperWebapp/WEB-INF/
+EXPOSE 80 443
HEALTHCHECK NONE
-
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
-CMD ["bin/gsh", "-loader"]
+# testing container
+#ENTRYPOINT ["ping"]
+#CMD ["google.com"]
+
+
diff --git a/Jenkinsfile b/Jenkinsfile
index 3ed439e5..dd445106 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -12,8 +12,11 @@ pipeline {
script {
maintainer = maintain()
imagename = imagename()
- if(env.BRANCH_NAME == "master") {
+ if(env.BRANCH_NAME == "main") {
tag = "latest"
+ // } else if (env.BRANCH_NAME == "2.6.9") {
+ // // skip it for now
+ // sh 'exit -1'
} else {
tag = env.BRANCH_NAME
}
@@ -51,12 +54,17 @@ pipeline {
steps {
script {
try{
- docker.withRegistry('https://registry.hub.docker.com/', "dockerhub-$maintainer") {
+ // statically defining jenkins credential value dockerhub-tier
+ docker.withRegistry('https://registry.hub.docker.com/', "dockerhub-tier") {
baseImg = docker.build("$maintainer/$imagename", "--build-arg GROUPER_CONTAINER_VERSION=$tag --no-cache .")
}
+ // test the environment
+ // sh 'cd test-compose && ./compose.sh'
+ // bring down after testing
+ // sh 'cd test-compose && docker-compose down'
} catch(error) {
def error_details = readFile('./debug');
- def message = "BUILD ERROR: There was a problem building ${imagename}:${tag}. \n\n ${error_details}"
+ def message = "BUILD ERROR: There was a problem building ${maintainer}/${imagename}:${tag}. \n\n ${error_details}"
sh "rm -f ./debug"
handleError(message)
}
@@ -70,7 +78,7 @@ pipeline {
sh 'bin/test.sh 2>&1 | tee debug ; test ${PIPESTATUS[0]} -eq 0'
} catch (error) {
def error_details = readFile('./debug')
- def message = "BUILD ERROR: There was a problem testing ${imagename}:${tag}. \n\n ${error_details}"
+ def message = "BUILD ERROR: There was a problem testing ${maintainer}/${imagename}:${tag}. \n\n ${error_details}"
sh "rm -f ./debug"
handleError(message)
}
@@ -81,21 +89,8 @@ pipeline {
stage('Push') {
steps {
script {
- //// scan the image with clair
- // sh 'docker run -p 5432:5432 -d --name clairdb arminc/clair-db:latest'
- // sh 'docker run -p 6060:6060 --link clairdb:postgres -d --name clair arminc/clair-local-scan:v2.0.5'
- // sh 'curl -L -o clair-scanner https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64'
- // sh 'chmod 755 clair-scanner'
- // sh "./clair-scanner --ip 172.17.0.1 -r test.out $maintainer/$imagename:latest"
- //// test the environment
- // sh 'docker kill clairdb'
- // sh 'docker rm clairdb'
- // sh 'docker kill clair'
- // sh 'docker rm clair'
- // sh 'cd test-compose && ./compose.sh'
- //// bring down after testing
- //sh 'cd test-compose && docker-compose down'
- docker.withRegistry('https://registry.hub.docker.com/', "dockerhub-$maintainer") {
+ // statically defining jenkins credential value dockerhub-tier
+ docker.withRegistry('https://registry.hub.docker.com/', "dockerhub-tier") {
baseImg.push("$tag")
}
}
diff --git a/LICENSE b/LICENSE
index 8dada3ed..2df95452 100644
--- a/LICENSE
+++ b/LICENSE
@@ -7,7 +7,7 @@
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
- and distribution as defined by Sections 1 through 9 of this document.
+ and distribution as defined by Sections 1 through 9 of this document
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
diff --git a/README.md b/README.md
index 691033e4..6e26ced3 100644
--- a/README.md
+++ b/README.md
@@ -1,374 +1,11 @@
-[](https://jenkins.testbed.tier.internet2.edu/buildStatus/icon?job=docker/grouper/master)
+Documentation for this container is located at the following URL:
+https://spaces.at.internet2.edu/pages/viewpage.action?pageId=163119272
-
-This repository contains the source code used to create the InCommon Trusted Access Platform Grouper container. This standalone container is pushed to Dockerhub, various tags are available at the following URL: https://hub.docker.com/r/tier/grouper/tags. This repo can also be cloned and the container built locally.
-
-The test-compose directory contains an example Grouper environment that starts up the various Grouper components. This example demonstrates how one might go about customizing and deploying their Grouper containers, using the TIER Grouper image as a base image. If evaluating Grouper, this is a good place to start.
-
-
-# Upgrading from 2.3 to 2.4
-
-If upgrading from Grouper version 2.3 to 2.4 and using LDAP, modifications will be needed in subject.properties and grouper-loaders.proprties. Further details about this can be found at the following URL:
-https://spaces.at.internet2.edu/display/Grouper/vt-ldap+to+ldaptive+migration+for+LDAP+access
-
-In particular, in subject.properties, *.param.base.value should be adjusted to only contain the RDN (Relative Distinguished Name), not the full DN. For example, "OU=People", not "OU=People,DC=domain,DC=edu"
-
-Additional upgrade information can be found at the following URL: https://spaces.at.internet2.edu/display/Grouper/v2.4+Upgrade+Instructions+from+v2.3
-
-
-
-# Supported tags
-
-- latest
-- patch specific tags with date timestamp* (i.e. 2.4.0-80-u51-w10-p11-20191118)
-
-\* Patch builds are routinely produced, but not necessarily for each patch release. The following monikers are used to construct the tag name:
-
-- a = api patch number
-- u = ui patch number
-- w = ws patch number
-- p = pspng patch number
-- last field = the year, month and day the image was built
-
-# Quick reference
-
-- **Where to get help**:
- [tier-packaging@internet2.edu](mailto:tier-packaging@internet2.edu?subject=Grouper%20Image%20Help)
-
-- **Where to file issues**:
- [https://github.internet2.edu/docker/grouper/issues](https://github.internet2.edu/docker/grouper/issues)
-
-- **Maintained by**:
- [TIER Packaging Working Group](https://spaces.internet2.edu/display/TPWG)
-
-- **Supported Docker versions**:
- [the latest release](https://github.com/docker/docker-ce/releases/latest) (down to 1.6 on a best-effort basis)
-
-# What is Grouper?
-
-Grouper is an enterprise access management system designed for the highly distributed management environment and heterogeneous information technology environment common to universities. Operating a central access management system that supports both central and distributed IT reduces risk.
-
-> [www.internet2.edu/products-services/trust-identity/grouper/](https://www.internet2.edu/products-services/trust-identity/grouper/)
-
-
-
-# How to use this image
-
-This image provides support for each of the Grouper components/roles: Grouper Daemon/Loader, Grouper UI, Grouper Web Services, and Grouper SCIM Server.
-
-## Starting each role
-
-While TIER recommends/supports using Docker Swarm for orchestrating the Grouper environment, these containers can be run directly (or with other orchestration products). Both examples are shown below. It should be noted that these examples will not run independently, but required additional configuration to be provided before each container will start as expected.
-
-### Daemon/Loader
-
-Run the Grouper Daemon/Loader as a service. If the daemon/loader container dies unexpectedly, it may be due to memory contraints. Refer to the "Grouper Shell/Loader" section below for information on how to tweak memory settings.
-
-```console
-$ docker service create --detach --name grouper-daemon tier/grouper:latest daemon
-```
-
-Run the Grouper Daemon/Loader as a standalone container.
-
-```console
-$ docker run --detach --name grouper-daemon tier/grouper:latest daemon
-```
-
-### SCIM Server
-
-Runs the Grouper SCIM Server as a service.
-
-```console
-$ docker service create --detach --publish 9443:443 --name grouper-ws tier/grouper:latest scim
-```
-
-Runs the Grouper Web Services in a standalone container.
-
-```console
-$ docker run --detach --publish 9443:443 --name grouper-daemon tier/grouper:latest scim
-```
-
-### UI
-
-Runs the Grouper UI as a service.
-
-```console
-$ docker service create --detach --publish 443:443 --name grouper-ui tier/grouper:latest ui
-```
-
-Runs the Grouper UI in a standalone container.
-
-```console
-$ docker run --detach --name --publish 443:443 grouper-ui tier/grouper:latest ui
-```
-
-### Web Services
-
-Runs the Grouper Web Services as a service.
-
-```console
-$ docker service create --detach --publish 8443:443 --name grouper-ws tier/grouper:latest ws
-```
-
-Runs the Grouper Web Services in a standalone container.
-
-```console
-$ docker run --detach --publish 8443:443 --name grouper-daemon tier/grouper:latest ws
-```
-
-### UI and Web Services
-
-> This method is good when first starting to work with Grouper, but when scaling Grouper UI or Web Services it is advisable to use the individual roles noted above.
-
-Runs the Grouper UI and Web Services as a combined service. (You should really run these as individual roles to take advantage of Docker service replicas.)
-
-```console
-$ docker service create --detach --publish 443:443 --name grouper-web tier/grouper:latest ui-ws
-```
-
-Runs the Grouper UI and Web Services in a combined container. This good when first starting to work with Grouper, but when scaling Grouper UI or Web Services it is advisable to use the individual roles noted above.
-
-```console
-$ docker run --detach --publish 443:443 --name grouper-web tier/grouper:latest ui-ws
-```
-
-### GSH
-
-Runs the Grouper Shell in a throwaway container. This makes it easy to run Grouper commands and Grouper Shell scripts. Since it is interactive it does not run as a service.
-
-```console
-$ docker run -it --rm tier/grouper:latest bin/gsh <optional GSH args>
-```
-
-# Configuration
-
-## Grouper Configurations
-
-There are several things that are required for this image to successfully start. At a minimum, the `grouper.hibernate.properties` and `subject.properties` (or the old `sources.xml` equivalent) files need to be customized and available to the container at start-up.
-
-Grouper config files maybe placed into `/opt/grouper/conf` and these files will be put into the appropriate location based on the role the container assumes. Docker Secrets starting with the name `grouper_` should take precedence over these files. (See below.)
-
-## Web Apps Configuration
-
-If starting the container to serve the Grouper UI, Grouper Web Services, Grouper SCIM Server components, a TLS key and cert(s) need to be applied to those containers.
-
-The Grouper UI also requires some basic Shibboleth SP configuration. The `/etc/shibboleth/shibboleth2.xml` file should be modified to set:
-- an entityId for the SP
-- load IdP or federation metadata
-- set the SP's encryption keys
-- the identity attribute of the subject to be passed to Grouper
-
-If encryption keys are defined in the `shibboleth2.xml` file, then the key/cert files should be provided as well. The `attribute-map.xml` file has most of the common identity attributes pre-configured, but it (and other Shibboleth SP files) can be overlaid/replaced as necessary.
-
-(See the section below.)
-
-## General Configuration Mechanism
-
-There are three primary ways to provide Grouper and additional configuration files to the container: Docker Config/Secrets, customized images, and bind mounts. Depending upon your needs you may use a combination of two or three of these options.
-
-### Secrets/Configs
-
-Docker Config and Docker Secrets are Docker's way of providing configurations files to a container at runtime. The primary difference between the Config and Secrets functionality is that Secrets is designed to protect resources/files that are sensitive.
-
-For passing full files into the container, this container will make any secrets with secret names prepended with `grouper_` available to the appropriate Grouper component's conf directory (i.e. `<GROUPER_HOME>/conf` or `WEB-INF/classes`). Any secrets with secret names starting with `shib_` will be available in the Shibboleth SP `/etc/shibboleth/` directory. Any secrets with secret names starting with `httpd_` will be available to `/etc/httpd/conf.d` directory. Finally, if a secret with the name of `host-key.pem` will be mapped to the httpd TLS cert used by Grouper UI, Grouper WS, and Grouper SCIM Server containers. These files will supercede any found in the underlying image.
-
-Docker Secrets can also be used to pass in strings, such as a database connection string password, into the component config. To pass in the Grouper database connection string, one might set the property and value as such:
-
-```text
-hibernate.connection.password.elConfig = ${java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(new("java.io.File", java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD_FILE')), "utf-8") : java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD') }
-```
-
-Note that the default property name has been changed by appending `.elConfig`. (This causes Grouper to evaluate the string before saving the value.) The expression allows deployers to use a file containing only the database password as a Docker Secret and reference the file name via the `GROUPER_DATABASE_PASSWORD_FILE` environment property. This allows the config files to be baked into the image, if desired. Also, but not recommended, the database password could just be set in the Docker Service definition as an environment variable, `GROUPER_DATABASE_PASSWORD`. (Technically the expression can be broken up and just the desired functionality used.) Of course, using Grouper's MorphString functionality is supported and likely is the best option, but does require more effort in setting it up.
-
-Secrets can be managed using the `docker secret` command: `docker secret create grouper_grouper.hibernate.properties ./grouper.hibernate.properties`. This will securely store the file in the swarm. Secrets can then be assigned to the service `docker service create -d --name daemon --secret grouper_grouper.hibernate.properties --secret grouper_sources.xml tier/grouper daemon`.
-
-> `docker run` does not support secrets; Bind mounts need to be used instead, which is technically what Docker Compose does when not running against a Swarm.
-
-### Bind Mounts
-
-Bind mounts can be used to connect files/folders on the Docker host into the container's file system. Unless running in swarm mode, Docker Secrets are not supported, so we can use a bind mount to provide the container with the configuration files.
-
-```console
-$ docker run --detach --name daemon \
- --mount type=bind,src=$(pwd)/grouper.hibernate.properties,dst=/run/secrets/grouper_grouper.hibernate.properties \
- --mount type=bind,src=$(pwd)/sources.xml,dst=/run/secrets/grouper_sources.xml \
- tier/grouper daemon
-```
-
-### Customized Images
-
-Deployers will undoubtedly want to add in their files to the container. Things like additional jar files defining Grouper Hooks, or things like images and css files. This can be accomplished by building custom images. **Deployers should NOT use this method to store sensitive configuration files.**
-
-To add a favicon to the Grouper UI, we use the tier/grouper images as a base and `COPY` our local `favicon.ico` into the image. While we are at it, we define this image as a UI image by specifying the default commnd (i.e `CMD`) of `ui`.
-
-```Dockerfile
-FROM tier/grouper:latest
-
-COPY favicon.ico /opt/grouper/grouper.ui/
-
-CMD ui
-```
-
-To build our image:
-
-```console
-$ docker build --tag=org/grouper-ui .
-```
-
-This image can now be used locally or pushed to an organization's Docker repository.
-
-
-## Environment Variables
-
-Deployers can set runtime variables to both the Grouper Shell and Loader/Daemon and to Tomcat/Tomcat EE using environment variables. These can be set using the `docker run` and `docker service creates`'s `--env` paramater.
-
-### Grouper Shell/Loader
-
-The following environment variables are used by the Grouper Shell/Loader:
-- MEM_START: corresponds to the java's `-Xms`. (default is 64m)
-- MEM_MAX: corresponds to java's `-Xmx`. (default is 750m)
-
-### Tomcat/TomEE
-
-Amongst others variables defined in the `catalina.sh`, the following variables would like be useful for deployers:
-- CATALINA_OPTS: Java runtime options to only be used by Tomcat itself.
-
-# File System Endpoints
-
-Here is a list of significant directories and files that deployers should be aware of:
-
-- `/opt/grouper/conf/`: a common directory to place non-sensitive config files that will be placed into the appropriate location for each Grouper component at container start-up.
-- `/opt/grouper/lib/`: a common directory to place additional jar files that will be placed into the appropriate location for each Grouper component at container start-up.
-- `/opt/grouper/grouper.apiBinary/`: location to overlay Grouper GSH or Daemon/Loader files.
-`/opt/grouper/grouper.scim/`: location for overlaying Grouper SCIM Server web application files (expanded `grouper-ws-scim.war`).
-- `/opt/grouper/grouper.ui/`: location for overlaying Grouper UI web application files (expanded `grouper.war`).
-- `/opt/grouper/grouper.ws/`: location for overlaying Grouper Web Services web application files (expanded `grouper-ws.war`).
-- `/etc/httpd/conf.d/ssl-enabled.conf`: Can be overlaid to change the TLS settings when running Grouper UI or Web Servicse.
-- `/etc/shibboleth/`: location to overlay the Shibboleth SP configuration files used by the image.
-- `/opt/tomcat/`: used to run Grouper UI and Grouper WS
-- `/opt/tomee/`: used to run the Grouper SCIM Server.
-- `/var/run/secrets`: location where Docker Secrets are mounted into the container. Secrets starting with `grouper_`, `shib_`, and `httpd_` have special meaning. See `Secrets/Configs` above.
-- `/usr/lib/jvm/zulu-8/jre/lib/security/cacerts`: location of the Java trust store.
-
-To examine baseline image files, one might run `docker run --name=temp -it tier/grouper bash` and browse through these file system endpoints. While the container is running one may copy files out of the image/container using something like `docker cp containerId:/opt/grouper/grouper.api/conf/grouper.properties .`, which will copy the `grouper.properties` to the Docker client's present working directory. These files can then be edited and applied via the mechanisms outlined above.
-
-# Web Application Endpoints
-
-Here is a list of significant web endpoints that deployers should be aware of:
-
-- `/grouper/`: location of the Grouper UI application
-- `grouper-ws/`: location of the Grouper WS application.
-- `/grouper-ws-scim/`: location of the Grouper SCIM Server application.
-
-The endpoint that is available is dependent upon the role of the container.
-
-# Provisioning a Grouper Database
-
-Using standard methods, create a MariaDb Server and an empty Grouper database. Create a database user with privileges to create and populate schema objects. Set the appropriate database connection properties in `grouper.hibernate.properties`. Be sure to the user created with schema manipulation privileges as the db user.
-
-Next populate the database by using the following command.
-
-```console
-$ docker run -it --rm \
- --mount type=bind,src=$(pwd)/grouper.hibernate.properties,dst=/run/secrets/grouper_grouper.hibernate.properties \
- tier/grouper gsh -registry -check -runscript -noprompt
-```
-
-Note: a less privileged database user maybe used when running the typical Grouper roles. This user needs SELECT, INSERT, UPDATE, and DELETE privileges on the schema objects.
-
-# Provisioning a Grouper Database
-
-Using standard methods, create a MariaDb Server and an empty Grouper database. Create a database user with privileges to create and populate schema objects. Set the appropriate database connection properties in `grouper.hibernate.properties`. Be sure that the user is created with schema manipulation privileges.
-
-Next populate the database by using the following command.
-
-```console
-$ docker container run -it --rm \
- --mount type=bind,src=$(pwd)/grouper.hibernate.properties,dst=/run/secrets/grouper_grouper.hibernate.properties \
- tier/grouper gsh -registry -check -runscript -noprompt
-```
-
-Also, it is possible to just connect directly to the container, create the DDL, and copy it out. This is necessary if your DBAs would prefer to manually execute the DDL to create the schema objects:
-
-```console
-$ docker container run -it --name grouper \
- --mount type=bind,src=$(pwd)/grouper.hibernate.properties,dst=/run/secrets/grouper_grouper.hibernate.properties \
- tier/grouper
-
- gsh -registry -check
-
- exit
-
-$ docker container cp grouper:/opt/grouper/grouper.apiBinary/ddlScripts/ .
-$ docker container rm -f grouper
-```
-The generated DDL will be on the host in the `ddlScripts` directory.
-
-Note: A less privileged database user maybe used when running the typical Grouper roles. This user just needs SELECT, INSERT, UPDATE, and DELETE privileges on the tables and views. Running in this configuration requires DBAs to manually run the DDL scripts.
-
-# Configuring the embedded Shibboleth SP
-
-The Shibboleth SP needs to be configured to integrate with one or more SAML IdPs. Reference the Shibboleth SP documentation for specific instructions, but here is information on generating an encryption key/cert pair and mounting them (all of which are environment specific) and the shibboleth2.xml into the container.
-
-1. Start a temporary container and generate the key/cert pair:
- ```
- $ docker container run -it --name grouper \
- tier/grouper bash
-
- cd /etc/shibboleth
- ./keygen.sh -f -h <public_hostname>
- exit
- ```
-
-1. Copy the key, cert, and `shibboleth2.xml` files out of the container (and remove the container)
- ```console
- $ docker container cp grouper:/etc/shibboleth/shibboleth2.xml .
- $ docker container cp grouper:/etc/shibboleth/sp-cert.pem .
- $ docker container cp grouper:/etc/shibboleth/sp-key.pem .
-
- $ docker container rm grouper
- ```
-
-1. After updating the `shibboleth2.xml` file, save the key, cert, and shibboleth2.xml as secrets/config:
- ```console
- $ docker secret create sp-key.pem sp-key.pem
- $ docker config create sp-cert.pem sp-cert.pem
- $ docker config create shibboleth2.xml shibboleth2.xml
- ```
-
-1. Add the following to the UI service creation command to mount the environment specific settings:
- ```
- --secret source=sp-key.pem.pem,target=shib_sp-key.pem \
- --config source=sp-cert.pem,target=/etc/shibboleth/sp-cert.pem \
- --config source=shibboleth2.xml,target=/etc/shibboleth/shibboleth2.xml \
- ```
-
-# Logging
-
-This image outputs logs in a manner that is consistent with Docker Logging. Each log entry is prefaced with the submodule name (e.g. shibd, httpd, tomcat, grouper), the logfile name (e.g. access_log, grouper_error.log, catalina.out) and user definable environment name and a user definable token. Content found after the preface will be specific to the application ands its logging configuration.
-
-> Note: If customizing a particular component's logging, it is recommended that the file be source from the image (`docker container cp`) or from the image's source repository.
-
-To assign the "environment" string, set the environment variable `ENV` when defining the Docker service. For the "user defined token" string, use the environment variable of `USERTOKEN`.
-
-An example might look like the following, with the env of "dev" and the usertoken of "build-2"
-
-```text
-shibd shibd.log dev build-2 2018-03-27 20:42:22 INFO Shibboleth.Listener : listener service starting
-grouper-api grouper_event.log dev build-2 2018-03-27 21:10:00,046: [DefaultQuartzScheduler_Worker-1] INFO EventLog.info(156) - - [fdbb0099fe9e46e5be4371eb11250d39,'GrouperSystem','application'] session: start (0ms)
-tomcat console dev build-2 Grouper starting up: version: 2.3.0, build date: null, env: <no label configured>
-```
-
-# Misc Notes
-
-- [HTTP Strict Transport Security (HSTS)](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) is enabled on the Apache HTTP Server.
-- morphStrings functionality in Grouper is supported. It is recommended that the various morphString files be associated with the containers as Docker Secrets. Set the configuration file properties to use `/var/run/secrets/secretname`.
-- Grouper UI has been pre-configured to authenticate users via Shibboleth SP.
-- By default, Grouper WS (hosted by `/opt/tomcat/`) and the Grouper SCIM Server (hosted by `/opt/tomee/`) use tomcat-users.xml for authentication, but by default no users are enabled. LDAP-backed authentication or other methods can be used and must be configured by the deployer.
+[](https://jenkins.testbed.tier.internet2.edu/buildStatus/icon?job=docker/grouper/2.5.22)
# License
-View [license information](https://www.apache.org/licenses/LICENSE-2.0) for the software contained in this image.
+View [license information](https://www.apache.org/licenses/LICENSE-2.0) for the software contained in this image
As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
diff --git a/common.bash b/common.bash
index 22fbc6a9..cc96a899 100644
--- a/common.bash
+++ b/common.bash
@@ -1,2 +1,2 @@
-maintainer="tier"
+maintainer="i2incommon"
imagename="grouper"
diff --git a/container_files/api/log4j.properties b/container_files/api/log4j.properties
index 9b9c5d4e..75bc0249 100644
--- a/container_files/api/log4j.properties
+++ b/container_files/api/log4j.properties
@@ -26,107 +26,66 @@
# Appenders
-## Grouper API event logging
-log4j.appender.grouper_event = org.apache.log4j.FileAppender
-log4j.appender.grouper_event.file = /tmp/logpipe
-log4j.appender.grouper_event.append = true
-log4j.appender.grouper_event.layout = org.apache.log4j.PatternLayout
-log4j.appender.grouper_event.layout.ConversionPattern = grouper-api;grouper_event.log;${ENV};${USERTOKEN};%d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
-
+## Log messages to stderr
+log4j.appender.grouper_stderr = org.apache.log4j.ConsoleAppender
+log4j.appender.grouper_stderr.Target = System.err
+log4j.appender.grouper_stderr.layout = org.apache.log4j.PatternLayout
+log4j.appender.grouper_stderr.layout.ConversionPattern = %d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
+
## Grouper API error logging
-log4j.appender.grouper_error = org.apache.log4j.FileAppender
-log4j.appender.grouper_error.file = /tmp/logpipe
-log4j.appender.grouper_errot.append = true
-log4j.appender.grouper_error.layout = org.apache.log4j.PatternLayout
-log4j.appender.grouper_error.layout.ConversionPattern = grouper-api;grouper_error.log;${ENV};${USERTOKEN};%d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
-#log4j.appender.grouper_error.layout.ConversionPattern = %d{ISO8601}: %m%n
-
-# Debug logging (Or: logging that I haven't cleaned up yet to send elsewhere)
-log4j.appender.grouper_debug = org.apache.log4j.FileAppender
-log4j.appender.grouper_debug.file = /tmp/logpipe
-log4j.appender.grouper_debug.append = true
-log4j.appender.grouper_debug.layout = org.apache.log4j.PatternLayout
-#log4j.appender.grouper_debug.layout.ConversionPattern = %d{ISO8601} %5p %c{2}: %m%n
-log4j.appender.grouper_debug.layout.ConversionPattern = grouper-api;grouper_debug.log;${ENV};${USERTOKEN};%d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
-
-## Benchmark logging
-log4j.appender.grouper_gb = org.apache.log4j.FileAppender
-log4j.appender.grouper_gb.file = /tmp/logpipe
-log4j.appender.grouper_gb.append = true
-log4j.appender.grouper_gb.layout = org.apache.log4j.PatternLayout
-#log4j.appender.grouper_gb.layout.ConversionPattern = %d{ISO8601} %5p %c{2}: %m%n
-log4j.appender.grouper_gb.layout.ConversionPattern = grouper-api;grouper_bench.log;${ENV};${USERTOKEN};%d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
-
+log4j.appender.grouper_error = org.apache.log4j.DailyRollingFileAppender
+log4j.appender.grouper_error.File = /opt/grouper/logs/grouper.log
+log4j.appender.grouper_error.DatePattern = '.'yyyy-MM-dd
+log4j.appender.grouper_error.MaxBackupIndex = 30
+log4j.appender.grouper_error.layout = org.apache.log4j.PatternLayout
+log4j.appender.grouper_error.layout.ConversionPattern = %d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
+
+log4j.appender.grouper_daemon = org.apache.log4j.DailyRollingFileAppender
+log4j.appender.grouper_daemon.File = /opt/grouper/logs/grouperDaemon.log
+log4j.appender.grouper_daemon.DatePattern = '.'yyyy-MM-dd
+log4j.appender.grouper_daemon.MaxBackupIndex = 30
+log4j.appender.grouper_daemon.layout = org.apache.log4j.PatternLayout
+log4j.appender.grouper_daemon.layout.ConversionPattern = %d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
+
+log4j.appender.grouper_pspng = org.apache.log4j.DailyRollingFileAppender
+log4j.appender.grouper_pspng.File = /opt/grouper/logs/pspng.log
+log4j.appender.grouper_pspng.DatePattern = '.'yyyy-MM-dd
+log4j.appender.grouper_pspng.MaxBackupIndex = 30
+log4j.appender.grouper_pspng.layout = org.apache.log4j.PatternLayout
+log4j.appender.grouper_pspng.layout.ConversionPattern = %d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
+
+log4j.appender.grouper_provisioning = org.apache.log4j.DailyRollingFileAppender
+log4j.appender.grouper_provisioning.File = /opt/grouper/logs/provisioning.log
+log4j.appender.grouper_provisioning.DatePattern = '.'yyyy-MM-dd
+log4j.appender.grouper_provisioning.MaxBackupIndex = 30
+log4j.appender.grouper_provisioning.layout = org.apache.log4j.PatternLayout
+log4j.appender.grouper_provisioning.layout.ConversionPattern = %d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
+
+
# Loggers
-
+
## Default logger; will log *everything*
-log4j.rootLogger = ERROR, grouper_error
-
-## All Internet2 (warn to grouper_error per default logger)
+log4j.rootLogger = ERROR, grouper_stderr, grouper_error
+
+ ## All Internet2 (warn to grouper_error per default logger)
log4j.logger.edu.internet2.middleware = WARN
+log4j.logger.edu.internet2.middleware.grouper.app.loader.GrouperLoaderLog = DEBUG, grouper_daemon
+log4j.additivity.edu.internet2.middleware.grouper.app.loader.GrouperLoaderLog = false
+
+log4j.logger.edu.internet2.middleware.grouper.pspng = INFO, grouper_pspng
+log4j.additivity.edu.internet2.middleware.grouper.pspng = false
-# Provisioning : PSP (version 2.1+)
-log4j.logger.edu.internet2.middleware.psp = INFO
-
-# Provisioning : vt-ldap
-# log4j.logger.edu.vt.middleware.ldap = INFO
-
-# Provisioning : Grouper plugin to Shibboleth attribute resolver
-# log4j.logger.edu.internet2.middleware.grouper.shibboleth = INFO
-
-
-# For more precise (or verbose) logging, enable one or more of the
-# following logging directives. To remove duplicate entries, just change the
-# level, and not where to send the logs
-# http://robertmarkbramprogrammer.blogspot.com/2007/06/log4j-duplicate-lines-in-output.html
+log4j.logger.edu.internet2.middleware.grouper.app.provisioning.GrouperProvisioningObjectLog = DEBUG, grouper_provisioning
+log4j.additivity.edu.internet2.middleware.grouper.app.provisioning.GrouperProvisioningObjectLog = false
-## Grouper Event Logging
-## * Logs at _info_ only
-log4j.logger.edu.internet2.middleware.grouper.log.EventLog = INFO, grouper_event
-log4j.logger.edu.internet2.middleware.grouper.RegistryInstall = INFO, grouper_event
+log4j.logger.edu.internet2.middleware.grouper.app.syncToGrouper.SyncToGrouperFromSqlDaemon = DEBUG
-## Grouper Error Logging
-## * Logs at _warn_, _fatal_ and _error_ only (by default this is WARN due to internet2 below)
-#log4j.logger.edu.internet2.middleware.grouper = WARN, grouper_error
+log4j.logger.edu.internet2.middleware.grouper.app.provisioning.GrouperProvisioningLogCommands = DEBUG
-## Grouper Debug Logging
-## * NOTE: There is currently VERY LITTLE (useful) information sent to this.
-## * Logs at _info_ only currently
-#log4j.logger.edu.internet2.middleware.grouper = INFO, grouper_debug
+log4j.logger.edu.internet2.middleware.grouper.stem.StemViewPrivilegeEsbListener = DEBUG
-## Grouper XML Export + Import Logging
-## TODO Integrate with normal logging
-log4j.logger.edu.internet2.middleware.grouper.xml.XmlExporter = INFO, grouper_event
-log4j.logger.edu.internet2.middleware.grouper.xml.XmlImporter = INFO, grouper_event
-
-## Grouper Benchmark Logging
-log4j.logger.edu.internet2.middleware.grouper.bench = INFO, grouper_gb
-
-## Grouper script to add missing group sets
-log4j.logger.edu.internet2.middleware.grouper.misc.AddMissingGroupSets = INFO, grouper_event
-
-## Grouper Sync Point in Time Tables
-log4j.logger.edu.internet2.middleware.grouper.misc.SyncPITTables = INFO, grouper_event
-
-## Grouper Sync Stem Set Table
-log4j.logger.edu.internet2.middleware.grouper.misc.SyncStemSets = INFO, grouper_event
-
-## Grouper Migrate Legacy Attributes
-log4j.logger.edu.internet2.middleware.grouper.misc.MigrateLegacyAttributes = INFO, grouper_event
-
-### Subject API
-#log4j.logger.edu.internet2.middleware.subject = ERROR, grouper_error
-#log4j.logger.edu.internet2.middleware.subject.provider = ERROR, grouper_error
-### Hibernate
-#log4j.logger.org.hibernate = ERROR, grouper_error
-### ehcache
-#log4j.logger.net.sf.ehcache = ERROR, grouper_error
-### Spring
-#log4j.logger.org.springframework = ERROR, grouper_error
-
-## Grouper Stress Testing
-log4j.logger.edu.internet2.middleware.grouper.stress = INFO, grouper_debug
+log4j.logger.edu.internet2.middleware.grouper.stem.StemViewPrivilegeFullDaemonLogic = DEBUG
#######################################################
@@ -142,3 +101,5 @@ log4j.logger.edu.internet2.middleware.grouper.stress = INFO, grou
# added by grouper-installer
log4j.logger.org.apache.tools.ant = WARN
+
+log4j.logger.edu.internet2.middleware.grouper.util.PerformanceLogger = INFO
\ No newline at end of file
diff --git a/container_files/api/log4j2.additionalAppenders.xml.txt b/container_files/api/log4j2.additionalAppenders.xml.txt
new file mode 100644
index 00000000..e69de29b
diff --git a/container_files/api/log4j2.additionalLoggers.xml.txt b/container_files/api/log4j2.additionalLoggers.xml.txt
new file mode 100644
index 00000000..e69de29b
diff --git a/container_files/api/log4j2.xml b/container_files/api/log4j2.xml
new file mode 100644
index 00000000..8f035ce8
--- /dev/null
+++ b/container_files/api/log4j2.xml
@@ -0,0 +1,175 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Configuration status="info">
+ <Properties>
+ <Property name="layout">%d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n</Property>
+ <Property name="env">__ENV__</Property>
+ <Property name="usertoken">__USERTOKEN__</Property>
+ <Property name="grouplogprefix">__GROUPER_LOG_PREFIX__</Property>
+ </Properties>
+ <Appenders>
+ <Console name="stderr" target="SYSTEM_ERR">
+ <PatternLayout pattern="${grouplogprefix};${env}${usertoken}${layout}"/>
+ </Console>
+ <RollingFile name="file_catalina" fileName="/opt/grouper/logs/catalina.out" filePattern="/opt/grouper/logs/catalina.out.%d{yyyy-MM-dd}" >
+ <PatternLayout pattern="${grouplogprefix};catalina.out;${env}${usertoken}${layout}"/>
+ <Policies>
+ <TimeBasedTriggeringPolicy interval="1"/>
+ </Policies>
+ <DefaultRolloverStrategy max="30" />
+ </RollingFile>
+ <RollingFile name="file_grouper_error" fileName="/opt/grouper/logs/grouper.log" filePattern="/opt/grouper/logs/grouper.log.%d{yyyy-MM-dd}" >
+ <PatternLayout pattern="${grouplogprefix};grouper_error.log;${env}${usertoken}${layout}"/>
+ <Policies>
+ <TimeBasedTriggeringPolicy interval="1"/>
+ </Policies>
+ <DefaultRolloverStrategy max="30" />
+ </RollingFile>
+ <RollingFile name="file_grouper_daemon" fileName="/opt/grouper/logs/grouperDaemon.log" filePattern="/opt/grouper/logs/grouperDaemon.log.%d{yyyy-MM-dd}" >
+ <PatternLayout pattern="${grouplogprefix};grouperDaemon.log;${env}${usertoken}${layout}"/>
+ <Policies>
+ <TimeBasedTriggeringPolicy interval="1"/>
+ </Policies>
+ <DefaultRolloverStrategy max="30" />
+ </RollingFile>
+ <RollingFile name="file_grouper_pspng" fileName="/opt/grouper/logs/pspng.log" filePattern="/opt/grouper/logs/pspng.log.%d{yyyy-MM-dd}" >
+ <PatternLayout pattern="${grouplogprefix};pspng.log;${env}${usertoken}${layout}"/>
+ <Policies>
+ <TimeBasedTriggeringPolicy interval="1"/>
+ </Policies>
+ <DefaultRolloverStrategy max="30" />
+ </RollingFile>
+ <RollingFile name="file_grouper_provisioning" fileName="/opt/grouper/logs/provisioning.log" filePattern="/opt/grouper/logs/provisioning.log.%d{yyyy-MM-dd}" >
+ <PatternLayout pattern="${grouplogprefix};provisioning.log;${env}${usertoken}${layout}"/>
+ <Policies>
+ <TimeBasedTriggeringPolicy interval="1"/>
+ </Policies>
+ <DefaultRolloverStrategy max="30" />
+ </RollingFile>
+ <RollingFile name="file_grouper_ws" fileName="/opt/grouper/logs/grouper_ws.log" filePattern="/opt/grouper/logs/grouper_ws.log.%d{yyyy-MM-dd}" >
+ <PatternLayout pattern="${grouplogprefix};grouper_ws.log;${env}${usertoken}${layout}"/>
+ <Policies>
+ <TimeBasedTriggeringPolicy interval="1"/>
+ </Policies>
+ <DefaultRolloverStrategy max="30" />
+ </RollingFile>
+ <RollingFile name="file_grouper_ws_longRunning" fileName="/opt/grouper/logs/grouper_ws_longRunning.log" filePattern="/opt/grouper/logs/grouper_ws_longRunning.log.%d{yyyy-MM-dd}" >
+ <PatternLayout pattern="${grouplogprefix};grouper_ws_longRunning.log;${env}${usertoken}${layout}"/>
+ <Policies>
+ <TimeBasedTriggeringPolicy interval="1"/>
+ </Policies>
+ <DefaultRolloverStrategy max="30" />
+ </RollingFile>
+ <File name="logpipe_catalina" fileName="/tmp/logpipe">
+ <PatternLayout pattern="tomee;catalina.out;${sys:ENV}${sys:USERTOKEN}${layout}"/>
+ </File>
+ <File name="logpipe_grouper_error" fileName="/tmp/logpipe">
+ <PatternLayout pattern="${grouplogprefix};grouper_error.log;${env}${usertoken}${layout}"/>
+ </File>
+ <File name="logpipe_grouper_daemon" fileName="/tmp/logpipe">
+ <PatternLayout pattern="${grouplogprefix};grouperDaemon.log;${env}${usertoken}${layout}"/>
+ </File>
+ <File name="logpipe_grouper_pspng" fileName="/tmp/logpipe">
+ <PatternLayout pattern="${grouplogprefix};pspng.log;${env}${usertoken}${layout}"/>
+ </File>
+ <File name="logpipe_grouper_provisioning" fileName="/tmp/logpipe">
+ <PatternLayout pattern="${grouplogprefix};provisioning.log;${env}${usertoken}${layout}"/>
+ </File>
+ <File name="logpipe_grouper_ws" fileName="/tmp/logpipe">
+ <PatternLayout pattern="${grouplogprefix};grouper_ws.log;${env}${usertoken}${layout}"/>
+ </File>
+ <File name="logpipe_grouper_ws_longRunning" fileName="/tmp/logpipe">
+ <PatternLayout pattern="${grouplogprefix};grouper_ws_longRunning.log;${env}${usertoken}${layout}"/>
+ </File>
+
+ <!--MOREAPPENDERS-->
+
+ </Appenders>
+ <Loggers>
+ <Root level="error">
+ <AppenderRef ref="logpipe_grouper_error"/>
+ <AppenderRef ref="file_grouper_error"/>
+ </Root>
+ <Logger name="org.apache.catalina" level="info" additivity="false">
+ <AppenderRef ref="logpipe_catalina" />
+ <AppenderRef ref="file_catalina"/>
+ </Logger>
+ <Logger name="edu.internet2.middleware" level="warn" additivity="false">
+ <AppenderRef ref="logpipe_grouper_error"/>
+ <AppenderRef ref="file_grouper_error"/>
+ </Logger>
+ <Logger name="edu.internet2.middleware.grouper.app.loader.GrouperLoaderLog" level="debug" additivity="false">
+ <AppenderRef ref="logpipe_grouper_daemon"/>
+ <AppenderRef ref="file_grouper_daemon"/>
+ </Logger>
+ <Logger name="edu.internet2.middleware.grouper.pspng" level="warn" additivity="false">
+ <AppenderRef ref="logpipe_grouper_pspng"/>
+ <AppenderRef ref="file_grouper_pspng"/>
+ </Logger>
+ <Logger name="edu.internet2.middleware.grouper.app.provisioning.GrouperProvisioningObjectLog" level="debug" additivity="false">
+ <AppenderRef ref="logpipe_grouper_provisioning"/>
+ <AppenderRef ref="file_grouper_provisioning"/>
+ </Logger>
+ <Logger name="edu.internet2.middleware.grouper.app.syncToGrouper.SyncToGrouperFromSqlDaemon" level="debug" additivity="false">
+ <AppenderRef ref="logpipe_grouper_error"/>
+ <AppenderRef ref="file_grouper_error"/>
+ </Logger>
+ <Logger name="edu.internet2.middleware.grouper.app.provisioning.GrouperProvisioningLogCommands" level="debug" additivity="false">
+ <AppenderRef ref="logpipe_grouper_error"/>
+ <AppenderRef ref="file_grouper_error"/>
+ </Logger>
+ <Logger name="edu.internet2.middleware.grouper.stem.StemViewPrivilegeEsbListener" level="debug" additivity="false">
+ <AppenderRef ref="logpipe_grouper_error"/>
+ <AppenderRef ref="file_grouper_error"/>
+ </Logger>
+ <Logger name="edu.internet2.middleware.grouper.stem.StemViewPrivilegeFullDaemonLogic" level="debug" additivity="false">
+ <AppenderRef ref="logpipe_grouper_error"/>
+ <AppenderRef ref="file_grouper_error"/>
+ </Logger>
+ <Logger name="org.apache.tools.ant" level="warn" additivity="false">
+ <AppenderRef ref="logpipe_grouper_error"/>
+ <AppenderRef ref="file_grouper_error"/>
+ </Logger>
+ <Logger name="edu.internet2.middleware.grouper.util.PerformanceLogger" level="info" additivity="false">
+ <AppenderRef ref="logpipe_grouper_error"/>
+ <AppenderRef ref="file_grouper_error"/>
+ </Logger>
+ <Logger name="edu.internet2.middleware.grouper.ws.util.GrouperWsLog" level="off" additivity="false">
+ <AppenderRef ref="logpipe_grouper_ws"/>
+ <AppenderRef ref="file_grouper_ws"/>
+ </Logger>
+ <Logger name="edu.internet2.middleware.grouper.ws.util.GrouperWsLongRunningLog" level="off" additivity="false">
+ <AppenderRef ref="logpipe_grouper_ws_longRunning"/>
+ <AppenderRef ref="file_grouper_ws_longRunning"/>
+ </Logger>
+ <Logger name="edu.internet2.middleware.grouper.ui.customUi.CustomUiEngine" level="debug" additivity="false">
+ <AppenderRef ref="logpipe_grouper_error"/>
+ <AppenderRef ref="file_grouper_error"/>
+ </Logger>
+ <Logger name="edu.upenn.isc.pennGrouper.o365" level="debug" additivity="false">
+ <AppenderRef ref="logpipe_grouper_error"/>
+ <AppenderRef ref="file_grouper_error"/>
+ </Logger>
+ <Logger name="edu.internet2.middleware.grouper.app.remedy.GrouperRemedyLog" level="debug" additivity="false">
+ <AppenderRef ref="logpipe_grouper_provisioning"/>
+ <AppenderRef ref="file_grouper_provisioning"/>
+ </Logger>
+ <Logger name="edu.internet2.middleware.grouper.app.remedy.digitalMarketplace.GrouperDigitalMarketplaceLog" level="debug" additivity="false">
+ <AppenderRef ref="logpipe_grouper_provisioning"/>
+ <AppenderRef ref="file_grouper_provisioning"/>
+ </Logger>
+ <Logger name="edu.internet2.middleware.grouperBox.GrouperBoxLog" level="debug" additivity="false">
+ <AppenderRef ref="logpipe_grouper_provisioning"/>
+ <AppenderRef ref="file_grouper_provisioning"/>
+ </Logger>
+ <Logger name="edu.internet2.middleware.grouperClient.jdbc.tableSync.GcTableSyncLog" level="debug" additivity="false">
+ <AppenderRef ref="logpipe_grouper_error"/>
+ <AppenderRef ref="file_grouper_error"/>
+ </Logger>
+ <Logger name="edu.internet2.middleware.grouper.app.zoom" level="debug" additivity="false">
+ <AppenderRef ref="logpipe_grouper_provisioning"/>
+ <AppenderRef ref="file_grouper_provisioning"/>
+ </Logger>
+
+ <!--MORELOGGERS-->
+ </Loggers>
+</Configuration>
\ No newline at end of file
diff --git a/container_files/certs/TestSsl.class b/container_files/certs/TestSsl.class
new file mode 100644
index 00000000..6ce4c196
Binary files /dev/null and b/container_files/certs/TestSsl.class differ
diff --git a/container_files/certs/TestSsl.java b/container_files/certs/TestSsl.java
new file mode 100644
index 00000000..29677b7a
--- /dev/null
+++ b/container_files/certs/TestSsl.java
@@ -0,0 +1,39 @@
+import javax.net.ssl.SSLParameters;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+import java.io.*;
+
+/**
+ * Establish a SSL connection to a host and port, writes a byte and
+ */
+public class TestSsl {
+ public static void main(String[] args) {
+ if (args.length != 2) {
+ System.out.println("Usage: "+TestSsl.class.getName()+" <host> <port>");
+ System.exit(1);
+ }
+ try {
+ SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
+ SSLSocket sslsocket = (SSLSocket) sslsocketfactory.createSocket(args[0], Integer.parseInt(args[1]));
+
+ SSLParameters sslparams = new SSLParameters();
+ sslparams.setEndpointIdentificationAlgorithm("HTTPS");
+ sslsocket.setSSLParameters(sslparams);
+
+ InputStream in = sslsocket.getInputStream();
+ OutputStream out = sslsocket.getOutputStream();
+
+ // Write a test byte to get a reaction :)
+ out.write(1);
+
+ while (in.available() > 0) {
+ System.out.print(in.read());
+ }
+ System.out.println("Successfully connected");
+
+ } catch (Exception exception) {
+ exception.printStackTrace();
+ System.exit(1);
+ }
+ }
+}
diff --git a/container_files/certs/get_tls_cert.py b/container_files/certs/get_tls_cert.py
new file mode 100644
index 00000000..f1989659
--- /dev/null
+++ b/container_files/certs/get_tls_cert.py
@@ -0,0 +1,122 @@
+import sys
+import pprint
+import struct
+import socket
+import ssl
+from time import sleep
+
+# Standard "HELLO" message for TDS
+prelogin_msg = bytearray([ 0x12, 0x01, 0x00, 0x2f, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x1a, 0x00, 0x06, 0x01, 0x00, 0x20,
+ 0x00, 0x01, 0x02, 0x00, 0x21, 0x00, 0x01, 0x03, 0x00, 0x22, 0x00, 0x04, 0x04, 0x00, 0x26, 0x00,
+ 0x01, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ])
+
+# Prep Header function
+def prep_header(data):
+ data_len = len(data)
+ prelogin_head = bytearray([ 0x12, 0x01 ])
+ header_len = 8
+ total_len = header_len + data_len
+ data_head = prelogin_head + total_len.to_bytes(2, 'big')
+ data_head += bytearray([ 0x00, 0x00, 0x01, 0x00])
+ return data_head + data
+
+def read_header(data):
+ if len(data) != 8:
+ raise ValueError("prelogin header is > 8-bytes", data)
+
+ format = ">bbhhbb"
+ sct = struct.Struct(format)
+ unpacked = sct.unpack(data)
+ return { "type": unpacked[0],
+ "status": unpacked[1],
+ "length": unpacked[2],
+ "channel": unpacked[3],
+ "packet": unpacked[4],
+ "window": unpacked[5]
+ }
+
+tdspbuf = bytearray()
+def recv_tdspacket(sock):
+ global tdspbuf
+ tdspacket = tdspbuf
+ header = {}
+
+ for i in range(0,5):
+ tdspacket += sock.recv(4096)
+ print("\n# get_tdspacket: {}, tdspacket len: {} ".format(i, len(tdspacket)))
+ if len(tdspacket) >= 8:
+ header = read_header(tdspacket[:8])
+ print("# Header: ", header)
+ if len(tdspacket) >= header['length']:
+ tdspbuf = tdspacket[header['length']:]
+ print("# Remaining tdspbuf length: {}\n".format(len(tdspbuf)))
+ return header, tdspacket[8:header['length']]
+
+ sleep(0.05)
+
+# Ensure we have a commandline
+if len(sys.argv) != 3:
+ print("Usage: {} <hostname> <port>".format(sys.argv[0]))
+ sys.exit(1)
+
+hostname = sys.argv[1]
+port = int(sys.argv[2])
+
+
+# Setup SSL
+if hasattr(ssl, 'PROTOCOL_TLS'):
+ sslProto = ssl.PROTOCOL_TLS
+else:
+ sslProto = ssl.PROTOCOL_SSLv23
+
+sslctx = ssl.SSLContext(sslProto)
+sslctx.check_hostname = False
+tls_in_buf = ssl.MemoryBIO()
+tls_out_buf = ssl.MemoryBIO()
+
+# Create the SSLObj connected to the tls_in_buf and tls_out_buf
+tlssock = sslctx.wrap_bio(tls_in_buf, tls_out_buf)
+
+# create an INET, STREAMing socket
+s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+s.setblocking(0)
+s.settimeout(1)
+
+# Connect to the SQL Server
+s.connect(( hostname, port ))
+
+# Send the first TDS PRELOGIN message
+s.send(prelogin_msg)
+
+# Get the response and ignore. We will try to negotiate encryption anyway.
+header, data = recv_tdspacket(s)
+while header['status']==0:
+ header, ext_data = recv_tdspacket(s)
+ data += ext_data
+
+
+print("# Starting TLS handshake loop..")
+# Craft the packet
+for i in range(0,5):
+ try:
+ tlssock.do_handshake()
+ print("# Handshake completed, dumping certificates")
+ peercert = ssl.DER_cert_to_PEM_cert(tlssock.getpeercert(True))
+ print(peercert)
+ sys.exit(0)
+ except ssl.SSLWantReadError as err:
+ # TLS wants to keep shaking hands, but because we're controlling the R/W buffers it throws an exception
+ print("# Shaking ({}/5)".format(i))
+
+ tls_data = tls_out_buf.read()
+ s.sendall(prep_header(tls_data))
+ # TDS Packets can be split over two frames, each with their own headers.
+ # We have to concat these for TLS to handle nego properly
+ header, data = recv_tdspacket(s)
+ while header['status']==0:
+ header, ext_data = recv_tdspacket(s)
+ data += ext_data
+
+ tls_in_buf.write(data)
+
+print("# Handshake did not complete / exiting")
\ No newline at end of file
diff --git a/container_files/containerDockerfileInstall.sh b/container_files/containerDockerfileInstall.sh
new file mode 100644
index 00000000..97a0b03f
--- /dev/null
+++ b/container_files/containerDockerfileInstall.sh
@@ -0,0 +1,221 @@
+#!/bin/bash
+
+# $1 ARG CORRETTO_URL_PERM=https://corretto.aws/downloads/latest/amazon-corretto-8-x64-linux-jdk.rpm
+# $2 ARG CORRETTO_RPM=amazon-corretto-8-x64-linux-jdk.rpm
+# $3 ARG JAVA_HOME=/usr/lib/jvm/java-1.8.0-amazon-corretto
+# $4 ARG GROUPER_VERSION=2.6.14
+
+yum update -y
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) yum update -y, result: $returnCode"
+
+yum install -y wget tar unzip dos2unix patch
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) yum install -y wget tar unzip dos2unix patch, result: $returnCode"
+
+yum clean all
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) yum clean all, result: $returnCode"
+
+curl -O -L $1
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) curl -O -L $1, result: $returnCode"
+
+rpm --import /opt/container_files/java-corretto/corretto-signing-key.pub corretto-signing-key.pub
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) rpm --import /opt/container_files/java-corretto/corretto-signing-key.pub corretto-signing-key.pub, result: $returnCode"
+
+rpm -K $2
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) rpm -K $2, result: $returnCode"
+
+rpm -i $2
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) rpm -i $2, result: $returnCode"
+
+rm -r $2
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) rm -r $2, result: $returnCode"
+
+mv /opt/container_files/tier-support /opt
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mv /opt/container_files/tier-support /opt, result: $returnCode"
+
+mkdir -p /opt/grouper/$GROUPER_VERSION
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) , result: $returnCode"
+
+wget -q -O /opt/grouper/$GROUPER_VERSION/grouperInstaller.jar https://oss.sonatype.org/service/local/repositories/releases/content/edu/internet2/middleware/grouper/grouper-installer/$GROUPER_VERSION/grouper-installer-$GROUPER_VERSION.jar
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) wget -q -O /opt/grouper/$GROUPER_VERSION/grouperInstaller.jar https://oss.sonatype.org/service/local/repositories/releases/content/edu/internet2/middleware/grouper/grouper-installer/$GROUPER_VERSION/grouper-installer-$GROUPER_VERSION.jar, result: $returnCode"
+
+mv /opt/container_files/grouper.installer.properties /opt/grouper/$GROUPER_VERSION
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mv /opt/container_files/grouper.installer.properties /opt/grouper/$GROUPER_VERSION, result: $returnCode"
+
+# Temporary morphString file used for building, not used in production
+mv /opt/container_files/morphString.properties /opt/grouper/$GROUPER_VERSION
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mv /opt/container_files/morphString.properties /opt/grouper/$GROUPER_VERSION, result: $returnCode"
+
+cd /opt/grouper/$GROUPER_VERSION/
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) cd /opt/grouper/$GROUPER_VERSION/, result: $returnCode"
+
+$JAVA_HOME/bin/java -cp :grouperInstaller.jar edu.internet2.middleware.grouperInstaller.GrouperInstaller
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) $JAVA_HOME/bin/java -cp :grouperInstaller.jar edu.internet2.middleware.grouperInstaller.GrouperInstaller, result: $returnCode"
+
+mkdir -p /opt/grouper/grouperWebapp/
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mkdir -p /opt/grouper/grouperWebapp/, result: $returnCode"
+
+mkdir -p /opt/tomee/
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mkdir -p /opt/tomee/, result: $returnCode"
+
+mv /opt/grouper/$4/grouperInstaller.jar /opt/grouper/
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) cp /opt/grouper/$4/grouperInstaller.jar /opt/grouper/, result: $returnCode"
+
+mv /opt/grouper/$4/container/tomee/* /opt/tomee/
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) cp -R /opt/grouper/$4/container/tomee/* /opt/tomee/, result: $returnCode"
+
+mv /opt/grouper/$4/container/webapp/* /opt/grouper/grouperWebapp/
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) cp -R /opt/grouper/$4/container/webapp/grouperWebapp/* /opt/grouper/grouperWebapp/, result: $returnCode"
+
+rm -rf /opt/grouper/$4
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) rm -rf /opt/grouper/$4, result: $returnCode"
+
+rm -fr /opt/tomee/webapps/docs/ /opt/tomee/webapps/host-manager/ /opt/tomee/webapps/manager/ /opt/tomee/logs/* /opt/tomee/temp/* /opt/tomee/work/* /opt/tomee/conf/logging.properties
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) rm -fr /opt/tomee/webapps/docs/ /opt/tomee/webapps/host-manager/ /opt/tomee/webapps/manager/ /opt/tomee/logs/* /opt/tomee/temp/* /opt/tomee/work/*\ /opt/tomee/conf/logging.properties, result: $returnCode"
+
+cp -R /opt/container_files/api/* /opt/grouper/grouperWebapp/WEB-INF/classes/
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) cp -R /opt/container_files/api/* /opt/grouper/grouperWebapp/WEB-INF/classes/, result: $returnCode"
+
+cp -R /opt/container_files/tomee/* /opt/tomee/
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) cp -R /opt/container_files/tomee/* /opt/tomee/, result: $returnCode"
+
+mkdir -p /opt/tomee/conf/Catalina/localhost/
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mkdir -p /opt/tomee/conf/Catalina/localhost/, result: $returnCode"
+
+ln -sf /usr/share/zoneinfo/UTC /etc/localtime
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) ln -sf /usr/share/zoneinfo/UTC /etc/localtime, result: $returnCode"
+
+rm -f /etc/alternatives/java
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) rm -f /etc/alternatives/java, result: $returnCode"
+
+ln -s $3/bin/java /etc/alternatives/java
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) ln -s $3/bin/java /etc/alternatives/java, result: $returnCode"
+
+mv /opt/container_files/usr-local-bin/* /usr/local/bin/
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mv /opt/container_files/usr-local-bin/* /usr/local/bin/, result: $returnCode"
+
+chmod +x /usr/local/bin/*.sh
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) chmod +x /usr/local/bin/*.sh, result: $returnCode"
+
+mv /opt/container_files/httpd/* /etc/httpd/conf.d/
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mv /opt/container_files/httpd/* /etc/httpd/conf.d/, result: $returnCode"
+
+mv /opt/container_files/shibboleth/* /etc/shibboleth/
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mv /opt/container_files/shibboleth/* /etc/shibboleth/, result: $returnCode"
+
+cp /dev/null /etc/httpd/conf.d/ssl.conf
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) cp /dev/null /etc/httpd/conf.d/ssl.conf, result: $returnCode"
+
+rm -f /opt/tomee/bin/log4j-*
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) rm -f /opt/tomee/bin/log4j-*, result: $returnCode"
+
+mv /opt/tier-support/log4j_fix/tomeeBin/log4j-* /opt/tomee/bin/
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mv /opt/tier-support/log4j_fix/tomeeBin/log4j-* /opt/tomee/bin/, result: $returnCode"
+
+rm -f /opt/tomee/lib/slf4j-*
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) rm -f /opt/tomee/lib/slf4j-*, result: $returnCode"
+
+mv /opt/tier-support/log4j_fix/tomeeLib/slf4j-* /opt/tomee/lib/
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mv /opt/tier-support/log4j_fix/tomeeLib/slf4j-* /opt/tomee/lib/, result: $returnCode"
+
+rm -f /opt/grouper/grouperWebapp/WEB-INF/lib/slf4j-api-*
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) rm -f /opt/grouper/grouperWebapp/WEB-INF/lib/slf4j-api-*, result: $returnCode"
+
+mv /opt/tier-support/log4j_fix/webinfLib/* /opt/grouper/grouperWebapp/WEB-INF/lib/
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mv /opt/tier-support/log4j_fix/webinfLib/* /opt/grouper/grouperWebapp/WEB-INF/lib/, result: $returnCode"
+
+touch /opt/grouper/grouperEnv.sh
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) touch /opt/grouper/grouperEnv.sh, result: $returnCode"
+
+mkdir -p /opt/tomee/work/Catalina/localhost/
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mkdir -p /opt/tomee/work/Catalina/localhost/, result: $returnCode"
+
+mkdir -p /opt/grouper/certs/client
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mkdir -p /opt/grouper/certs/client, result: $returnCode"
+
+mkdir -p /opt/grouper/certs/anchors
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mkdir -p /opt/grouper/certs/anchors, result: $returnCode"
+
+mv /opt/container_files/certs/* /opt/grouper/certs/
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mv /opt/container_files/certs/* /opt/grouper/certs/, result: $returnCode"
+
+chown tomcat:root /opt/ /etc/httpd/conf/ /home/tomcat/ /usr/local/bin /etc/httpd/conf.d/ /usr/lib/jvm/java/jre/lib/security/cacerts
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) chown tomcat:root /opt/ /etc/httpd/conf/ /home/tomcat/ /opt/ /usr/local/bin /etc/httpd/conf.d/ /usr/lib/jvm/java/jre/lib/security/cacerts, result: $returnCode"
+
+lines=$(find /opt/ /etc/httpd/conf/ /home/tomcat/ /usr/local/bin /etc/httpd/conf.d/ ! -user tomcat -o ! -group root -print | wc -l)
+if [ $lines -ne 0 ]; then
+ chown -R tomcat:root $(find /opt/ /etc/httpd/conf/ /home/tomcat/ /usr/local/bin /etc/httpd/conf.d/ ! -user tomcat -o ! -group root -print)
+ returnCode=$?
+ echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) chown -R tomcat:root \$(find /opt/ /etc/httpd/conf/ /home/tomcat/ /usr/local/bin /etc/httpd/conf.d/ ! -user tomcat -o ! -group root -print), result: $returnCode"
+fi
+
+chmod g+rws /opt/ /etc/httpd/conf/ /home/tomcat/ /opt/ /usr/local/bin /etc/httpd/conf.d/
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) chmod g+rws /opt/ /etc/httpd/conf/ /home/tomcat/ /usr/local/bin /etc/httpd/conf.d/, result: $returnCode"
+
+chmod g+rw /usr/lib/jvm/java/jre/lib/security/cacerts
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) chmod g+rw /usr/lib/jvm/java/jre/lib/security/cacerts, result: $returnCode"
+
+lines=$(find /opt/ /etc/httpd/conf/ /home/tomcat/ /usr/local/bin /etc/httpd/conf.d/ -type d ! -perm -g+rws | wc -l)
+if [ $lines -ne 0 ]; then
+ chown -R tomcat:root $(find /opt/ /etc/httpd/conf/ /home/tomcat/ /usr/local/bin /etc/httpd/conf.d/ -type d ! -perm -g+rws)
+ returnCode=$?
+ echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) chmod -R g+rws \$(find /opt/ /etc/httpd/conf/ /home/tomcat/ /usr/local/bin /etc/httpd/conf.d/ -type d ! -perm -g+rws ), result: $returnCode"
+fi
+
+lines=$(find /opt/ /etc/httpd/conf/ /home/tomcat/ /usr/local/bin /etc/httpd/conf.d/ -type f ! -perm -g+rw | wc -l)
+if [ $lines -ne 0 ]; then
+ chown -R tomcat:root $(find /opt/ /etc/httpd/conf/ /home/tomcat/ /usr/local/bin /etc/httpd/conf.d/ -type f ! -perm -g+rw)
+ returnCode=$?
+ echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) chmod -R g+rw \$(find /opt/ /etc/httpd/conf/ /home/tomcat/ /usr/local/bin /etc/httpd/conf.d/ -type f ! -perm -g+rw ), result: $returnCode"
+fi
+
+rm -rf /opt/container_files
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) rm -rf /opt/container_files, result: $returnCode"
+
diff --git a/container_files/grouper.installer.properties b/container_files/grouper.installer.properties
index c63c9d5f..78b76fe8 100644
--- a/container_files/grouper.installer.properties
+++ b/container_files/grouper.installer.properties
@@ -1,46 +1,5 @@
-# this should be before the version number
download.server.url = https://software.internet2.edu/grouper
-# default version to install
-grouper.version = 2.4.0
-# print out autorun keys in prompts so you can easily see how to configure the autorun
-grouperInstaller.print.autorunKeys = true
-# default to install or upgrade (default is install)
-grouperInstaller.default.installOrUpgrade = install
-
-##############################
-## Autorun properties
-##
-## If you uncomment one of these properties it will be used as empty, only uncomment to use
-##
-##############################
-
-grouperInstaller.autorun.forceInstallPatch = t
-grouperInstaller.autorun.installAllPatches = false
-grouperInstaller.autorun.installPatchesUpToACertainPatchLevel = true
-# 2.4.0-a91-u56-w11-p12-20200210-rc1
-grouperInstaller.autorun.installPatchesUpToThesePatchLevels = grouper_v2_4_0_api_patch_91,grouper_v2_4_0_ui_patch_56,grouper_v2_4_0_ws_patch_11,grouper_v2_4_0_pspng_patch_12
-
-
-#### set this to true to try to use defaults for everything. Only things without default values will need to be set
+grouperInstaller.default.installOrUpgrade = buildContainer
grouperInstaller.autorun.useDefaultsAsMuchAsAvailable = true
-########## AUTORUN PROPERTIES WITH NO DEFAULT OR ARE COMMONLY CHANGED
-## Note: not all of them need to be filled out for all operations
-# autorun grouper system password (its not secure to have a plain text pass in a config file)
-grouperInstaller.autorun.grouperSystemPassword = XXXXXXXXXX
-
-grouperInstaller.autorun.deleteAndInitDatabase = t
-grouperInstaller.autorun.addQuickstartData = f
-grouperInstaller.autorun.installClient = f
-
-grouperInstaller.autorun.installGrouperActiveMqMessaging = f
-grouperInstaller.autorun.activeMqWhereInstalled = /opt/grouper/2.4.0/grouper.apiBinary-2.4.0/
-
-grouperInstaller.autorun.installGrouperAwsSqsMessaging = t
-grouperInstaller.autorun.AwsSqsWhereInstalled = /opt/grouper/2.4.0/grouper.apiBinary-2.4.0/
-
-grouperInstaller.autorun.installGrouperRabbitMqMessaging = t
-grouperInstaller.autorun.rabbitMqWhereInstalled = /opt/grouper/2.4.0/grouper.apiBinary-2.4.0/
-
-# disable installing pspng, for now
-grouperInstaller.autorun.installPspng = t
-grouperInstaller.autorun.installPsp = f
+grouperInstaller.webAppWillBeInContainer = /opt/grouper/grouperWebapp
+grouperInstaller.autorun.buildContainerUseExistingJarIfExists = false
diff --git a/container_files/httpd/grouper-www.conf b/container_files/httpd/grouper-www.conf
index 562e47c6..47f2ff6e 100644
--- a/container_files/httpd/grouper-www.conf
+++ b/container_files/httpd/grouper-www.conf
@@ -1,20 +1,21 @@
-Timeout 2400
-ProxyTimeout 2400
+Timeout __GROUPER_APACHE_AJP_TIMEOUT_SECONDS__
+ProxyTimeout __GROUPER_APACHE_AJP_TIMEOUT_SECONDS__
ProxyBadHeader Ignore
-ProxyPass /grouper ajp://localhost:8009/grouper timeout=2400
-ProxyPass /grouper-ws ajp://localhost:8009/grouper-ws timeout=2400
-ProxyPass /grouper-ws-scim ajp://localhost:8009/grouper-ws-scim timeout=2400
+# the variable for _ _GROUPER_APACHE_AJP_TIMEOUT_SECONDS_ _ will be replaced to default for one hour on startup env var $GROUPER_APACHE_AJP_TIMEOUT_SECONDS
+# the variable for _ _THE_AJP_URL_ _ (no spaces) will be replaced with something like: ajp://localhost:port/grouper on startup
+# the variable for _ _GROUPER_PROXY_PASS_ _ (no spaces) will be replaced with comment or blank on startup if running grouper url
+# the variable for _ _GROUPERWS_PROXY_PASS_ _ (no spaces) will be replaced with comment or blank on startup if running grouper-ws url
+# the variable for _ _GROUPERSCIM_PROXY_PASS_ _ (no spaces) will be replaced with comment of blank on startup if running grouper-ws-scim url
+# the variable for _ _GROUPER_TOMCAT_CONTEXT_ _ (no spaces) will be replaced with the env var $GROUPER_TOMCAT_CONTEXT
+# the variable for _ _GROUPER_URL_CONTEXT_ _ (no spaces) will be replaced with the env var $GROUPER_URL_CONTEXT
+# the variable for _ _GROUPERWS_URL_CONTEXT_ _ (no spaces) will be replaced with the env var $GROUPERWS_URL_CONTEXT
+# the variable for _ _GROUPERSCIM_URL_CONTEXT_ _ (no spaces) will be replaced with the env var $GROUPERSCIM_URL_CONTEXT
+__GROUPER_PROXY_PASS__ProxyPass /__GROUPER_URL_CONTEXT__ ajp://localhost:8009/__GROUPER_TOMCAT_CONTEXT__ timeout=__GROUPER_APACHE_AJP_TIMEOUT_SECONDS__ retry=5
+__GROUPERWS_PROXY_PASS__ProxyPass /__GROUPERWS_URL_CONTEXT__ ajp://localhost:8009/__GROUPER_TOMCAT_CONTEXT__ timeout=__GROUPER_APACHE_AJP_TIMEOUT_SECONDS__ retry=5
+__GROUPERSCIM_PROXY_PASS__ProxyPass /__GROUPERSCIM_URL_CONTEXT__ ajp://localhost:8009/__GROUPER_TOMCAT_CONTEXT__ timeout=__GROUPER_APACHE_AJP_TIMEOUT_SECONDS__ retry=5
-RewriteEngine on
-RewriteCond %{REQUEST_URI} "^/$"
-RewriteRule . %{REQUEST_SCHEME}://%{HTTP_HOST}/grouper/ [R=301,L]
+__GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER__RewriteEngine on
+__GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER__RewriteRule "^/$" "/__GROUPER_URL_CONTEXT__/" [R]
-<Location /grouper>
- AuthType shibboleth
- ShibRequestSetting requireSession 1
- ShibRequireSession on
- ShibUseHeaders On
- require shibboleth
-</Location>
diff --git a/container_files/httpd/httpd.conf.noindexes.patch b/container_files/httpd/httpd.conf.noindexes.patch
new file mode 100644
index 00000000..d76a47fb
--- /dev/null
+++ b/container_files/httpd/httpd.conf.noindexes.patch
@@ -0,0 +1,11 @@
+--- httpd.conf.20200720 2020-07-19 14:50:57.470136000 +0000
++++ httpd.conf 2020-07-19 14:51:35.994475000 +0000
+@@ -141,7 +141,7 @@
+ # http://httpd.apache.org/docs/2.4/mod/core.html#options
+ # for more information.
+ #
+- Options Indexes FollowSymLinks
++ Options FollowSymLinks
+
+ #
+ # AllowOverride controls what directives may be placed in .htaccess files.
diff --git a/container_files/httpd/ssl-enabled.conf b/container_files/httpd/ssl-enabled.conf
index 00d75a44..f213df76 100644
--- a/container_files/httpd/ssl-enabled.conf
+++ b/container_files/httpd/ssl-enabled.conf
@@ -5,22 +5,23 @@ SSLHonorCipherOrder on
SSLCompression off
# OCSP Stapling, only in httpd 2.3.3 and later
-SSLUseStapling on
+SSLUseStapling __GROUPER_SSL_USE_STAPLING__
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache shmcb:/var/run/ocsp(128000)
-Listen 443 https
-<VirtualHost *:443>
- RewriteEngine on
- RewriteRule "^/$" "/grouper/" [R]
+Listen __GROUPER_APACHE_SSL_PORT__ https
+<VirtualHost *:__GROUPER_APACHE_SSL_PORT__>
+
+__GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER__RewriteEngine on
+__GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER__RewriteRule "^/$" "/grouper/" [R]
SSLEngine on
- SSLCertificateChainFile /etc/pki/tls/certs/cachain.pem
+ SSLCertificateChainFile __GROUPER_SSL_CHAIN_FILE__
- SSLCertificateFile /etc/pki/tls/certs/host-cert.pem
+ SSLCertificateFile __GROUPER_SSL_CERT_FILE__
- SSLCertificateKeyFile /etc/pki/tls/private/host-key.pem
+ SSLCertificateKeyFile __GROUPER_SSL_KEY_FILE__
# HSTS (mod_headers is required) (15768000 seconds = 6 months)
Header always set Strict-Transport-Security "max-age=15768000"
diff --git a/container_files/java-corretto/corretto-signing-key.pub b/container_files/java-corretto/corretto-signing-key.pub
new file mode 100644
index 00000000..b0198ed7
--- /dev/null
+++ b/container_files/java-corretto/corretto-signing-key.pub
@@ -0,0 +1,30 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2.0.22 (GNU/Linux)
+
+mQINBF3pShkBEADJzglehQDFlc1+9VFubVPzpq8ZYtzmJkNjf09scOUzaKZOm3Ar
+mPh9Rufk4mB7t1LP4JeHAKAS17ggCHGVxRGXAAQ9Laf8ibX4SiFO3Ehyyl3smuFf
+ZhexBnvc7vRc4EUlKqarCQRUlaraDOrmq7WbhXdvCgc4u2uBLwUjAd3PHQUByAZw
+lsEQzpQnehNomjrE0pO6ms9AhmpbXlf/yr14EXvlo4lTd8QUdvS+AOCYfrHb9WGO
+IEsyyDuzuf2grV/QFpoi0VBhTCyiNYXla2AfCreMGlOCYsjw1nU93OyAqF3SaTOC
+o52yrzcb2NpbBDwRXOHNwe1md+DbRwEfkaWr5I91FqRpgEeawqyxY1miJRHduhsz
+WTgTMBF/EQfmTspD2YBX/BjNJTrdDXYvACX8slVV/vBnpi+dEpVEK3hh21ij991S
+lv8YoFnoC7XP44C7WNpVQpGW9ZWpnjLCvm3DMKW0r3Vfb3XDYhnHI1Q14Pxn0cwf
+x1L2RA4doyWd1TRZBFBe2f0vSkZT0YFaibKaKi6AkDIMU/+u+/e3wWbYXqzsSITj
+ffMkpMMNSwxbm8JqnsudjuzdEsYAiBUcFMwWysQDcyu63un2OmLKLfKxy19vCpS1
+8mkNy95JuO4jZtu+IiinvSSjlbJmslu3uK3/cTRsWaB7BRtHewE7SugMOwARAQAB
+tEhBbWF6b24gU2VydmljZXMgTExDIChBbWF6b24gQ29ycmV0dG8gcmVsZWFzZSkg
+PGNvcnJldHRvLXRlYW1AYW1hem9uLmNvbT6JAjEEEwECABsFAl3pShkCGy8FCQlm
+AYAFFQgKCQsCHgECF4AACgkQoSJUKrBPJOOJDg/6AqmntaxDWX6qfR++0qwtD9Lp
+vgONFvA+9AYQeGt7OX79O/SSPy97Kvn6DYRBdelShTAH60DbXCUs42sIRFqRjmHY
+HfIgOkUJjWoJz9oQnY+mzAKbOohCrR+YIvyCegFb0dboDaqSQ4w68+d1is7L84pz
+ZB2j0nrQDbFihPmR+epfHkLUGGywuZHCdEFfD8nXMOJeVbgSzf7Vhl8ZrydIkZTI
+7aASG5MkDO/GuVpEGQYAnH9h/jzJlfUKndswC6UFcM5Ol07pDPdHVBAi9q1SyxDe
+uSS1NgDW7OW7zgpB+4/PrZKKiEP/fBAWa9nFSLwTaMdsoaAuQAmmgbqYfy3XXKK7
+IBaKSnJpQDvNb0vmXJEY3qX2Bfh0p1KCeaQhYwIJi8rPQWC24fiLY9bdCIlkbbPQ
+CSNOEq9nUWRg9KbUGmd/PWSkT6Jheyq3BZBF1YPYEt8o/l437HHd08lREqH0sana
+Hb72GZTi2RUrNBBp5C1e8MqllXE6RKmri2m0TSBHR5C4ZLII9duyA839dYIA4KGU
+nmetZckuRuwHFmd3/YWtMEfn47UedzhVT16z3OvBipHU1BKzLGcvUFXrUKvpJQlh
+dNPUQh+wb91EzItjkJ96m+N+81iQdN3yd8cE38NTA8b+Qc7tmTYxwNZxcv16FxLA
+y2VhKc09A8RwSI69vDs=
+=ZNRH
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/container_files/tier-support/grouper-ws-scim.xml b/container_files/tier-support/grouper-ws-scim.xml
deleted file mode 100644
index bb15b17a..00000000
--- a/container_files/tier-support/grouper-ws-scim.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<Context docBase="/opt/grouper/grouper.scim/" path="/grouper-ws-scim" reloadable="false">
- <!-- Allow our symlinks to work-->
- <Resources allowLinking="true" />
-</Context>
-
-
diff --git a/container_files/tier-support/grouper-ws.xml b/container_files/tier-support/grouper-ws.xml
deleted file mode 100644
index b9aa6478..00000000
--- a/container_files/tier-support/grouper-ws.xml
+++ /dev/null
@@ -1,4 +0,0 @@
-<Context docBase="/opt/grouper/grouper.ws/" path="/grouper-ws" reloadable="false">
- <!-- Allow our symlinks to work-->
- <Resources allowLinking="true" />
-</Context>
diff --git a/container_files/tier-support/grouper.xml b/container_files/tier-support/grouper.xml
deleted file mode 100644
index 22cfbd8a..00000000
--- a/container_files/tier-support/grouper.xml
+++ /dev/null
@@ -1,4 +0,0 @@
-<Context docBase="/opt/grouper/grouper.ui/" path="/grouper" reloadable="false">
- <!-- Allow our symlinks to work-->
- <Resources allowLinking="true" />
-</Context>
diff --git a/container_files/tier-support/httpd-shib.conf b/container_files/tier-support/httpd-shib.conf
new file mode 100644
index 00000000..134c70bd
--- /dev/null
+++ b/container_files/tier-support/httpd-shib.conf
@@ -0,0 +1,7 @@
+<Location /grouper>
+ AuthType shibboleth
+ ShibRequestSetting requireSession 1
+ ShibRequireSession on
+ ShibUseHeaders On
+ require shibboleth
+</Location>
diff --git a/container_files/tier-support/log4j_fix/tomeeBin/log4j-api-2.17.1.jar b/container_files/tier-support/log4j_fix/tomeeBin/log4j-api-2.17.1.jar
new file mode 100644
index 00000000..605c45d0
Binary files /dev/null and b/container_files/tier-support/log4j_fix/tomeeBin/log4j-api-2.17.1.jar differ
diff --git a/container_files/tier-support/log4j_fix/tomeeBin/log4j-core-2.17.1.jar b/container_files/tier-support/log4j_fix/tomeeBin/log4j-core-2.17.1.jar
new file mode 100644
index 00000000..bbead126
Binary files /dev/null and b/container_files/tier-support/log4j_fix/tomeeBin/log4j-core-2.17.1.jar differ
diff --git a/container_files/tier-support/log4j_fix/tomeeBin/log4j-jul-2.17.1.jar b/container_files/tier-support/log4j_fix/tomeeBin/log4j-jul-2.17.1.jar
new file mode 100644
index 00000000..bab94c2b
Binary files /dev/null and b/container_files/tier-support/log4j_fix/tomeeBin/log4j-jul-2.17.1.jar differ
diff --git a/container_files/tier-support/log4j_fix/tomeeLib/slf4j-api-1.7.32.jar b/container_files/tier-support/log4j_fix/tomeeLib/slf4j-api-1.7.32.jar
new file mode 100644
index 00000000..b16a0785
Binary files /dev/null and b/container_files/tier-support/log4j_fix/tomeeLib/slf4j-api-1.7.32.jar differ
diff --git a/container_files/tier-support/log4j_fix/tomeeLib/slf4j-jdk14-1.7.32.jar b/container_files/tier-support/log4j_fix/tomeeLib/slf4j-jdk14-1.7.32.jar
new file mode 100644
index 00000000..c38b303c
Binary files /dev/null and b/container_files/tier-support/log4j_fix/tomeeLib/slf4j-jdk14-1.7.32.jar differ
diff --git a/container_files/tier-support/log4j_fix/webinfLib/log4j-1.2-api-2.17.1.jar b/container_files/tier-support/log4j_fix/webinfLib/log4j-1.2-api-2.17.1.jar
new file mode 100644
index 00000000..25320a46
Binary files /dev/null and b/container_files/tier-support/log4j_fix/webinfLib/log4j-1.2-api-2.17.1.jar differ
diff --git a/container_files/tier-support/log4j_fix/webinfLib/slf4j-api-1.7.32.jar b/container_files/tier-support/log4j_fix/webinfLib/slf4j-api-1.7.32.jar
new file mode 100644
index 00000000..b16a0785
Binary files /dev/null and b/container_files/tier-support/log4j_fix/webinfLib/slf4j-api-1.7.32.jar differ
diff --git a/container_files/tier-support/supervisord-base.conf b/container_files/tier-support/supervisord-base.conf
new file mode 100644
index 00000000..10768344
--- /dev/null
+++ b/container_files/tier-support/supervisord-base.conf
@@ -0,0 +1,16 @@
+[supervisord]
+logfile=/tmp/logsuperd ; supervisord log file
+logfile_maxbytes=0 ; maximum size of logfile before rotation
+loglevel=error ; info, debug, warn, trace
+nodaemon=true ; run supervisord as a daemon
+__GROUPER_RUN_PROCESSES_AS_USERS__user=root ; default user
+
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl=unix:///tmp/supervisor.sock ; use a unix:// URL for a unix socket
+
+; Our processes
+; writing output to stdout (1) and err (2) (for Docker logging) and disabling log rotation
+
diff --git a/container_files/tier-support/supervisord-httpd.conf b/container_files/tier-support/supervisord-httpd.conf
new file mode 100644
index 00000000..9e293b84
--- /dev/null
+++ b/container_files/tier-support/supervisord-httpd.conf
@@ -0,0 +1,7 @@
+[program:httpd]
+command=httpd -DFOREGROUND
+stderr_logfile = /tmp/loghttpd
+stderr_logfile_maxbytes=0
+stdout_logfile = /tmp/loghttpd
+stdout_logfile_maxbytes=0
+
diff --git a/container_files/tier-support/supervisord-shibsp.conf b/container_files/tier-support/supervisord-shibsp.conf
new file mode 100644
index 00000000..8a41f175
--- /dev/null
+++ b/container_files/tier-support/supervisord-shibsp.conf
@@ -0,0 +1,8 @@
+[program:shibbolethsp]
+__GROUPER_RUN_PROCESSES_AS_USERS__user=shibd
+command=/usr/sbin/shibd -f -F
+stderr_logfile = /tmp/logshibd
+stderr_logfile_maxbytes=0
+stdout_logfile = /tmp/logshibd
+stdout_logfile_maxbytes=0
+environment=LD_LIBRARY_PATH=/opt/shibboleth/lib64
diff --git a/container_files/tier-support/supervisord-tomcat.conf b/container_files/tier-support/supervisord-tomcat.conf
deleted file mode 100644
index 30631e41..00000000
--- a/container_files/tier-support/supervisord-tomcat.conf
+++ /dev/null
@@ -1,39 +0,0 @@
-[supervisord]
-logfile=/tmp/logsuperd ; supervisord log file
-logfile_maxbytes=0 ; maximum size of logfile before rotation
-loglevel=error ; info, debug, warn, trace
-nodaemon=true ; run supervisord as a daemon
-user=root ; default user
-
-[rpcinterface:supervisor]
-supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
-
-[supervisorctl]
-serverurl=unix:///tmp/supervisor.sock ; use a unix:// URL for a unix socket
-
-; Our processes
-; writing output to stdout (1) and err (2) (for Docker logging) and disabling log rotation
-
-[program:httpd]
-command=httpd -DFOREGROUND
-stderr_logfile = /tmp/loghttpd
-stderr_logfile_maxbytes=0
-stdout_logfile = /tmp/loghttpd
-stdout_logfile_maxbytes=0
-
-[program:shibbolethsp]
-user=shibd
-command=/usr/sbin/shibd -f -F
-stderr_logfile = /tmp/logshidb
-stderr_logfile_maxbytes=0
-stdout_logfile = /tmp/logshidb
-stdout_logfile_maxbytes=0
-
-[program:tomcat]
-user=tomcat
-command=/opt/tomcat/bin/catalina.sh run
-stderr_logfile = /tmp/logtomcat
-stderr_logfile_maxbytes=0
-stdout_logfile = /tmp/logtomcat
-stdout_logfile_maxbytes=0
-
diff --git a/container_files/tier-support/supervisord-tomee.conf b/container_files/tier-support/supervisord-tomee.conf
index 35e19488..52fe3c43 100644
--- a/container_files/tier-support/supervisord-tomee.conf
+++ b/container_files/tier-support/supervisord-tomee.conf
@@ -1,31 +1,9 @@
-[supervisord]
-logfile=/tmp/logsuperd ; supervisord log file
-logfile_maxbytes=0 ; maximum size of logfile before rotation
-loglevel=error ; info, debug, warn, trace
-nodaemon=true ; run supervisord as a daemon
-user=root ; default user
-
-[rpcinterface:supervisor]
-supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
-
-[supervisorctl]
-serverurl=unix:///tmp/supervisor.sock ; use a unix:// URL for a unix socket
-
-; Our processes
-; writing output to stdout (1) and err (2) (for Docker logging) and disabling log rotation
-
-[program:httpd]
-command=httpd -DFOREGROUND
-stderr_logfile = /tmp/loghttpd
-stderr_logfile_maxbytes=0
-stdout_logfile = /tmp/loghttpd
-stdout_logfile_maxbytes=0
-
[program:tomee]
-user=tomcat
+__GROUPER_RUN_PROCESSES_AS_USERS__user=tomcat
command=/opt/tomee/bin/catalina.sh run
stderr_logfile = /tmp/logtomcat
stderr_logfile_maxbytes=0
stdout_logfile = /tmp/logtomcat
stdout_logfile_maxbytes=0
+
diff --git a/container_files/tier-support/supervisord.conf b/container_files/tier-support/supervisord.conf
new file mode 100644
index 00000000..ecd11efe
--- /dev/null
+++ b/container_files/tier-support/supervisord.conf
@@ -0,0 +1,15 @@
+[supervisord]
+logfile=/tmp/logsuperd ; supervisord log file
+logfile_maxbytes=0 ; maximum size of logfile before rotation
+loglevel=error ; info, debug, warn, trace
+nodaemon=true ; run supervisord as a daemon
+__GROUPER_RUN_PROCESSES_AS_USERS__user=root ; default user
+
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl=unix:///tmp/supervisor.sock ; use a unix:// URL for a unix socket
+
+; Our processes
+; writing output to stdout (1) and err (2) (for Docker logging) and disabling log rotation
diff --git a/container_files/tier-support/test/grouperContainerUnitTest.sh b/container_files/tier-support/test/grouperContainerUnitTest.sh
new file mode 100644
index 00000000..8305ad4f
--- /dev/null
+++ b/container_files/tier-support/test/grouperContainerUnitTest.sh
@@ -0,0 +1,90 @@
+#!/bin/bash
+
+if [ "$#" -ne 4 ]; then
+ echo "You must enter exactly 4 command line arguments: container-name, image-name, container version, and grouper version, e.g. grouper-test my-grouper-2.5.27:latest 2.5.27 2.5.27"
+ exit 1
+fi
+
+expectedSuccesses=716
+
+export containerName=$1
+export imageName=$2
+export containerVersion=$3
+export grouperVersion=$4
+export globalSleepSecondsAfterRun=10
+export globalExitOnError=false
+
+export successCount=0
+export failureCount=0
+
+. ./grouperContainerUnitTestLibrary.sh
+
+. ./grouperContainerUnitTestDaemon.sh
+. ./grouperContainerUnitTestUi.sh
+. ./grouperContainerUnitTestUi2.sh
+. ./grouperContainerUnitTestUiNoSsl.sh
+. ./grouperContainerUnitTestUiNoSslOrClient.sh
+. ./grouperContainerUnitTestUiDifferentPorts.sh
+. ./grouperContainerUnitTestSlashRoot.sh
+. ./grouperContainerUnitTestSelfSigned.sh
+. ./grouperContainerUnitTestScim.sh
+. ./grouperContainerUnitTestWs.sh
+. ./grouperContainerUnitTestWsAuthn.sh
+. ./grouperContainerUnitTestQuickstart.sh
+. ./grouperContainerUnitTestUiSubimage.sh
+. ./grouperContainerUnitTestUiSubimageNonroot.sh
+
+testContainerUi
+testContainerUi2
+testContainerUiNoSsl
+testContainerUiNoSslOrClient
+testContainerSlashRoot
+testContainerSelfSigned
+testContainerUiDifferentPorts
+testContainerScim
+testContainerWs
+testContainerWsAuthn
+testContainerQuickstart
+testContainerDaemon
+testContainerUiSubimage
+testContainerUiSubimageNonroot
+
+dockerRemoveContainer
+dockerRemoveSubimage
+
+
+
+echo ""
+echo "$successCount successes, $failureCount failures"
+if [ "$successCount" = "$expectedSuccesses" ] && [ "$failureCount" = "0" ] ; then
+ success=true
+ echo "SUCCESS!"
+else
+ success=false
+ echo "ERROR, expected $expectedSuccesses successes and 0 failures"
+fi
+echo ""
+unset -f containerName
+unset -f imageName
+unset -f containerVersion
+unset -f globalSleepSecondsAfterRun
+unset -f testContainerQuickstart
+unset -f testContainerDaemon
+unset -f testContainerUi
+unset -f testContainerUiSubimage
+unset -f testContainerUiSubimageNonroot
+unset -f testContainerUiNoSsl
+unset -f testContainerUiDifferentPorts
+unset -f testContainerSlashRoot
+unset -f testContainerSelfSigned
+unset -f testContainerScim
+unset -f testContainerWs
+unset -f successCount
+unset -f failureCount
+grouperContainerUnitTestLibrary_unsetAll
+
+if [ "$success" = "true" ]; then
+ exit 0
+else
+ exit 1
+fi
diff --git a/container_files/tier-support/test/grouperContainerUnitTestDaemon.sh b/container_files/tier-support/test/grouperContainerUnitTestDaemon.sh
new file mode 100644
index 00000000..765dd709
--- /dev/null
+++ b/container_files/tier-support/test/grouperContainerUnitTestDaemon.sh
@@ -0,0 +1,81 @@
+#!/bin/bash
+
+testContainerDaemon() {
+
+ if [ "$#" -ne 0 ]; then
+ echo "You must enter exactly 0 command line arguments"
+ exit 1
+ fi
+
+ dockerRemoveContainer
+
+ echo
+ echo '################'
+ echo Running container as daemon
+ echo "docker run --detach --name $containerName --publish 443:443 $imageName daemon"
+ echo '################'
+ echo
+
+ docker run --detach --name $containerName --publish 443:443 $imageName daemon
+ sleep $globalSleepSecondsAfterRun
+
+ assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libWs/axis2-kernel-1.6.4.jar
+ assertFileNotExists /opt/grouper/grouperWebapp/WEB-INF/lib/axis2-kernel-1.6.4.jar
+ assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libScim/stax-api-1.0-2.jar
+ assertFileNotExists /opt/grouper/grouperWebapp/WEB-INF/lib/stax-api-1.0-2.jar
+ assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/lib/grouper-messaging-activemq-$grouperVersion.jar"
+ assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/libUiAndDaemon/grouper-messaging-activemq-$grouperVersion.jar"
+
+ assertFileNotContains /opt/tier-support/supervisord.conf "program:shibbolethsp"
+ assertFileContains /opt/tier-support/supervisord.conf "program:tomee"
+ assertFileNotContains /opt/tier-support/supervisord.conf "program:httpd"
+ assertFileNotContains /opt/tier-support/supervisord.conf "user=shibd"
+ assertFileNotContains /opt/tier-support/supervisord.conf "__"
+
+ assertFileContains /etc/httpd/conf.d/grouper-www.conf "3600"
+ assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "__"
+
+ assertEnvVar GROUPERSCIM_PROXY_PASS "#"
+ assertEnvVar GROUPERSCIM_URL_CONTEXT "grouper-ws-scim"
+ assertEnvVar GROUPERWS_PROXY_PASS "#"
+ assertEnvVar GROUPERWS_URL_CONTEXT "grouper-ws"
+ assertEnvVar GROUPER_APACHE_AJP_TIMEOUT_SECONDS "3600"
+ assertEnvVar GROUPER_APACHE_NONSSL_PORT "80"
+ assertEnvVar GROUPER_APACHE_SSL_PORT "443"
+ assertEnvVar GROUPER_CHOWN_DIRS "true"
+ assertEnvVar GROUPER_CONTAINER_VERSION "$containerVersion"
+ assertEnvVar GROUPER_DAEMON "true"
+ assertEnvVar GROUPER_GSH_CHECK_USER "true"
+ assertEnvVar GROUPER_GSH_USER "tomcat"
+ assertEnvVar GROUPER_HOME "/opt/grouper/grouperWebapp/WEB-INF"
+ assertEnvVar GROUPER_LOG_PREFIX "grouper-daemon"
+ assertEnvVar GROUPER_MAX_MEMORY "1500m"
+ assertEnvVar GROUPER_PROXY_PASS "#"
+ assertEnvVarNot GROUPER_RUN_APACHE "true"
+ assertEnvVar GROUPER_RUN_PROCESSES_AS_USERS "true"
+ assertEnvVarNot GROUPER_RUN_SHIB_SP "true"
+ assertEnvVar GROUPER_RUN_TOMEE "true"
+ assertEnvVar GROUPER_SCIM "false"
+ assertEnvVar GROUPER_SCIM_GROUPER_AUTH "false"
+ assertEnvVar GROUPER_TOMCAT_CONTEXT "grouper"
+ assertEnvVar GROUPER_UI "false"
+ assertEnvVar GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES "127.0.0.1/32"
+ assertEnvVar GROUPER_UI_GROUPER_AUTH "false"
+ assertEnvVarNot GROUPER_UI_ONLY "true"
+ assertEnvVar GROUPER_URL_CONTEXT "grouper"
+ assertEnvVar GROUPER_USE_SSL "true"
+ assertEnvVar GROUPER_WS "false"
+ assertEnvVar GROUPER_WS_GROUPER_AUTH "false"
+
+ assertNumberOfTomcatProcesses 1
+ # bad cert apache wont start
+ assertNumberOfApacheProcesses 0
+ assertNumberOfShibProcesses 0
+
+ assertNotListeningOnPort 443
+ assertNotListeningOnPort 80
+ assertListeningOnPort 8009
+ assertNotListeningOnPort 9001
+
+}
+export -f testContainerDaemon
diff --git a/container_files/tier-support/test/grouperContainerUnitTestLibrary.sh b/container_files/tier-support/test/grouperContainerUnitTestLibrary.sh
new file mode 100644
index 00000000..29fca8e5
--- /dev/null
+++ b/container_files/tier-support/test/grouperContainerUnitTestLibrary.sh
@@ -0,0 +1,285 @@
+#!/bin/bash
+
+dockerRemoveContainer() {
+ if [ "$#" -ne 0 ]; then
+ echo "You must enter exactly 0 arguments"
+ exit 1
+ fi
+ if [ "$(docker ps -a | grep $containerName)" ]
+ then
+ docker rm -f $containerName
+ fi
+}
+
+dockerRemoveSubimage() {
+ if [ "$#" -ne 0 ]; then
+ echo "You must enter exactly 0 arguments"
+ exit 1
+ fi
+ subimageId="my_$containerName"
+ subimageName="$subimageId:latest"
+ if [ "$(docker images | grep $subimageId)" ]
+ then
+ docker rmi -f $subimageName
+ fi
+}
+
+# pass in string description, expected value, actual value
+assertEquals() {
+ if [ "$#" -ne 3 ]; then
+ echo "You must enter exactly 3 arguments: statement, expected value, actual value"
+ exit 1
+ fi
+
+ if [ "$2" != "$3" ]
+ then
+ echo "ERROR: $1: expected '$2' but received '$3'"
+ if [ "$globalExitOnError" = "true" ]; then
+ exit 1
+ fi
+ export failureCount=$((failureCount+1))
+ else
+ echo "SUCCESS: $1: $2"
+ export successCount=$((successCount+1))
+ fi
+}
+
+# pass in string description, expected value, actual value it should not be
+assertNotEquals() {
+ if [ "$#" -ne 3 ]; then
+ echo "You must enter exactly 3 arguments: statement, expected value, actual value it should not be"
+ exit 1
+ fi
+
+ if [ "$2" = "$3" ]
+ then
+ echo "ERROR: $1: expected '$2' to not equals '$3' but was equal"
+ if [ "$globalExitOnError" = "true" ]; then
+ exit 1
+ fi
+ export failureCount=$((failureCount+1))
+ else
+ echo "SUCCESS: $1: not equal to: '$2', is: '$3'"
+ export successCount=$((successCount+1))
+ fi
+}
+
+# pass in string description, first value, less than second valuee
+assertLessThan() {
+ if [ "$#" -ne 3 ]; then
+ echo "You must enter exactly 3 arguments: statement, first value, second value"
+ exit 1
+ fi
+
+ if [ "$2" -ge "$3" ]
+ then
+ echo "ERROR: $1: expecting '$2' < '$3'"
+ if [ "$globalExitOnError" = "true" ]; then
+ exit 1
+ fi
+ export failureCount=$((failureCount+1))
+ else
+ echo "SUCCESS: $1: '$2' < '$3'"
+ export successCount=$((successCount+1))
+ fi
+}
+
+# pass in file name, value
+assertFileContains() {
+ if [ "$#" -ne 2 ]; then
+ echo "You must enter exactly 2 arguments: file name, and value"
+ exit 1
+ fi
+
+ local command="docker exec -it $containerName grep '$2' $1 | wc -l | xargs"
+ local var="$(runCommand "$command")"
+ assertLessThan "file $1 should contain at least one '$2'" "0" "$var"
+}
+
+# pass in file name, value
+assertLocalFileContains() {
+ if [ "$#" -ne 2 ]; then
+ echo "You must enter exactly 2 arguments: file name, and value"
+ exit 1
+ fi
+
+ local command="grep '$2' $1 | wc -l | xargs"
+ local var="$(runCommand "$command")"
+ assertLessThan "file $1 should contain at least one '$2'" "0" "$var"
+}
+
+assertFileNotContains() {
+ if [ "$#" -ne 2 ]; then
+ echo "You must enter exactly 2 arguments: file name, and value"
+ exit 1
+ fi
+
+ local command="docker exec -it $containerName grep '$2' $1 | wc -l | xargs"
+ local var="$(runCommand "$command")"
+ assertEquals "file $1 should not contain '$2'" "0" "$var"
+}
+
+assertFileExists() {
+ if [ "$#" -ne 1 ]; then
+ # generally 0 or 5 processes
+ echo "You must enter exactly 1 arguments: file to check"
+ exit 1
+ fi
+ local command="docker exec -it $containerName grouperTestFileExist.sh $1 | wc -l | xargs"
+ local var="$(runCommand "$command")"
+ assertEquals "file $1 should exist" "1" "$var"
+}
+
+assertFileNotExists() {
+ if [ "$#" -ne 1 ]; then
+ # generally 0 or 5 processes
+ echo "You must enter exactly 1 arguments: file to check"
+ exit 1
+ fi
+ local command="docker exec -it $containerName grouperTestFileExist.sh $1 | wc -l | xargs"
+ local var="$(runCommand "$command")"
+ assertEquals "file $1 should not exist" "0" "$var"
+}
+
+assertListeningOnPort() {
+ if [ "$#" -ne 1 ]; then
+ echo "You must enter exactly 1 argument: port"
+ exit 1
+ fi
+
+ local command="docker exec -it $containerName netstat -pan | grep LISTEN | grep ':$1 ' | wc -l | xargs"
+ local var="$(runCommand "$command")"
+ assertEquals "listening on port $1" "1" "$var"
+}
+
+assertNotListeningOnPort() {
+ if [ "$#" -ne 1 ]; then
+ echo "You must enter exactly 1 argument: port"
+ exit 1
+ fi
+
+ local command="docker exec -it $containerName netstat -pan | grep LISTEN | grep ':$1 ' | wc -l | xargs"
+ local var="$(runCommand "$command")"
+ assertEquals "not listening on port $1" "0" "$var"
+}
+
+containerCommandResultEquals() {
+
+ if [ "$#" -ne 2 ]; then
+ echo "You must enter exactly 2 arguments: the command to run and the expected result"
+ exit 1
+ fi
+ local command="docker exec $containerName $1"
+ local var="$(runCommand "$command")"
+ assertEquals "$1" "$2" "$var"
+
+}
+
+runCommand() {
+ if [ "$#" -ne 1 ]; then
+ echo "Pass the command to run"
+ exit 1
+ fi
+ local command=$1
+ local var=$(eval "$command")
+ # for some reason sometimes whitespace is there
+ local var=$(echo -e "${var}" | tr -d '\r' | tr -d '\n')
+ echo $var
+}
+
+assertNumberOfTomcatProcesses() {
+ if [ "$#" -ne 1 ]; then
+ echo "You must enter exactly 1 arguments: the number of tomcat processes"
+ exit 1
+ fi
+ local command="docker exec -it $containerName ps -ef | grep "^tomcat" | wc -l | xargs"
+ local var="$(runCommand "$command")"
+ assertEquals "tomcat process count" "$1" "$var"
+}
+
+assertNumberOfApacheProcesses() {
+ if [ "$#" -ne 1 ]; then
+ # generally 0 or 5 processes
+ echo "You must enter exactly 1 arguments: the number of apache processes"
+ exit 1
+ fi
+ local command="docker exec -it $containerName ps -ef | grep "^apache" | wc -l | xargs"
+ local var="$(runCommand "$command")"
+ assertEquals "apache process count" "$1" "$var"
+}
+
+assertNumberOfShibProcesses() {
+ if [ "$#" -ne 1 ]; then
+ # generally 0 or 5 processes
+ echo "You must enter exactly 1 arguments: the number of shib processes"
+ exit 1
+ fi
+ local command="docker exec -it $containerName ps -ef | grep "^shibd" | wc -l | xargs"
+ local var="$(runCommand "$command")"
+ assertEquals "shib process count" "$1" "$var"
+}
+
+assertEnvVar() {
+ if [ "$#" -ne 2 ]; then
+ echo "You must enter exactly 2 arguments: the env var name and value"
+ exit 1
+ fi
+ local command="docker exec -it --user tomcat $containerName grouperTestPrintEnv.sh $1 | xargs"
+ local var="$(runCommand "$command")"
+ assertEquals "env var $1" "$2" "$var"
+}
+
+assertEnvVarNot() {
+ if [ "$#" -ne 2 ]; then
+ echo "You must enter exactly 2 arguments: the env var name and value"
+ exit 1
+ fi
+ local command="docker exec -it --user tomcat $containerName grouperTestPrintEnv.sh $1 | xargs"
+ local var="$(runCommand "$command")"
+ assertNotEquals "env var $1" "$2" "$var"
+}
+
+grouperContainerUnitTestLibrary_unsetAll() {
+ unset -f assertEnvVar
+ unset -f assertEnvVarNot
+ unset -f assertEquals
+ unset -f assertFileContains
+ unset -f assertFileExists
+ unset -f assertFileNotContains
+ unset -f assertFileNotExists
+ unset -f assertLessThan
+ unset -f assertListeningOnPort
+ unset -f assertNotEquals
+ unset -f assertNotListeningOnPort
+ unset -f assertNumberOfApacheProcesses
+ unset -f assertNumberOfShibProcesses
+ unset -f assertNumberOfTomcatProcesses
+ unset -f dockerRemoveContainer
+ unset -f dockerRemoveSubimage
+ unset -f grouperContainerUnitTestLibrary_unsetAll
+ unset -f runCommand
+}
+
+grouperContainerUnitTestLibrary_exportAll() {
+ export -f assertEnvVar
+ export -f assertEnvVarNot
+ export -f assertEquals
+ export -f assertFileContains
+ export -f assertFileExists
+ export -f assertFileNotContains
+ export -f assertFileNotExists
+ export -f assertLessThan
+ export -f assertListeningOnPort
+ export -f assertNotEquals
+ export -f assertNotListeningOnPort
+ export -f assertNumberOfApacheProcesses
+ export -f assertNumberOfShibProcesses
+ export -f assertNumberOfTomcatProcesses
+ export -f dockerRemoveContainer
+ export -f dockerRemoveSubimage
+ export -f grouperContainerUnitTestLibrary_unsetAll
+ export -f runCommand
+}
+
+# export everything
+grouperContainerUnitTestLibrary_exportAll
diff --git a/container_files/tier-support/test/grouperContainerUnitTestQuickstart.sh b/container_files/tier-support/test/grouperContainerUnitTestQuickstart.sh
new file mode 100644
index 00000000..27c74f77
--- /dev/null
+++ b/container_files/tier-support/test/grouperContainerUnitTestQuickstart.sh
@@ -0,0 +1,149 @@
+#!/bin/bash
+
+testContainerQuickstart() {
+
+ if [ "$#" -ne 0 ]; then
+ echo "You must enter exactly 0 command line arguments"
+ exit 1
+ fi
+
+ dockerRemoveContainer
+
+ echo
+ echo '################'
+ echo Running container as quickstart
+ echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_MORPHSTRING_ENCRYPT_KEY=abcdefg12345dontUseThis \ "
+ echo "-e GROUPERSYSTEM_QUICKSTART_PASS=thisPassIsCopyrightedDontUse $imageName quickstart"
+ echo '################'
+ echo
+
+ docker run --detach --name $containerName --publish 443:443 -e GROUPER_MORPHSTRING_ENCRYPT_KEY=abcdefg12345dontUseThis -e GROUPERSYSTEM_QUICKSTART_PASS=thisPassIsCopyrightedDontUse $imageName quickstart
+ sleep $globalSleepSecondsAfterRun
+
+ assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libWs/axis2-kernel-1.6.4.jar
+ assertFileExists /opt/grouper/grouperWebapp/WEB-INF/lib/axis2-kernel-1.6.4.jar
+ assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libScim/stax-api-1.0-2.jar
+ assertFileExists /opt/grouper/grouperWebapp/WEB-INF/lib/stax-api-1.0-2.jar
+ assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/lib/grouper-messaging-activemq-$grouperVersion.jar"
+ assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/libUiAndDaemon/grouper-messaging-activemq-$grouperVersion.jar"
+
+ assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "Listen 443 https"
+ assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "__"
+ assertFileContains /etc/httpd/conf/httpd.conf "Listen 80"
+ assertFileNotContains /opt/tier-support/supervisord.conf "program:shibbolethsp"
+ assertFileContains /opt/tier-support/supervisord.conf "program:tomee"
+ assertFileContains /opt/tier-support/supervisord.conf "program:httpd"
+ assertFileNotContains /opt/tier-support/supervisord.conf "user=shibd"
+ assertFileNotContains /opt/tier-support/supervisord.conf "__"
+ assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf cachain.pem
+ assertFileContains /etc/httpd/conf.d/ssl-enabled.conf /etc/pki/tls/certs/localhost.crt
+
+ assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties grouperPasswordConfigOverride_UI_GrouperSystem_pass.elConfig
+
+ assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties GROUPERSYSTEM_QUICKSTART_PASS
+
+ assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml "grouper;"
+
+ assertFileContains /etc/httpd/conf.d/grouper-www.conf "3600"
+ assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "__"
+
+ assertEnvVar GROUPERSCIM_PROXY_PASS ""
+ assertEnvVar GROUPERSCIM_URL_CONTEXT "grouper-ws-scim"
+ assertEnvVar GROUPERWS_PROXY_PASS ""
+ assertEnvVar GROUPERWS_URL_CONTEXT "grouper-ws"
+ assertEnvVar GROUPER_APACHE_AJP_TIMEOUT_SECONDS "3600"
+ assertEnvVar GROUPER_APACHE_NONSSL_PORT "80"
+ assertEnvVar GROUPER_APACHE_SSL_PORT "443"
+ assertEnvVar GROUPER_CHOWN_DIRS "true"
+ assertEnvVar GROUPER_CONTAINER_VERSION "$containerVersion"
+ assertEnvVar GROUPER_DAEMON "true"
+ assertEnvVar GROUPER_GSH_CHECK_USER "true"
+ assertEnvVar GROUPER_GSH_USER "tomcat"
+ assertEnvVar GROUPER_HOME "/opt/grouper/grouperWebapp/WEB-INF"
+ assertEnvVar GROUPER_LOG_PREFIX "grouper"
+ assertEnvVar GROUPER_MAX_MEMORY "1500m"
+ assertEnvVar GROUPER_PROXY_PASS ""
+ assertEnvVar GROUPER_RUN_APACHE "true"
+ assertEnvVar GROUPER_RUN_PROCESSES_AS_USERS "true"
+ assertEnvVar GROUPER_RUN_SHIB_SP "false"
+ assertEnvVar GROUPER_RUN_TOMEE "true"
+ assertEnvVar GROUPER_SCIM "true"
+ assertEnvVar GROUPER_SCIM_GROUPER_AUTH "true"
+ assertEnvVar GROUPER_TOMCAT_CONTEXT "grouper"
+ assertEnvVar GROUPER_UI "true"
+ assertEnvVar GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES "0.0.0.0/0"
+ assertEnvVar GROUPER_UI_GROUPER_AUTH "true"
+ assertEnvVarNot GROUPER_UI_ONLY "true"
+ assertEnvVar GROUPER_URL_CONTEXT "grouper"
+ assertEnvVar GROUPER_USE_SSL "true"
+ assertEnvVar GROUPER_WS "true"
+ assertEnvVar GROUPER_WS_GROUPER_AUTH "true"
+
+ assertNumberOfTomcatProcesses 1
+ # bad cert apache wont start
+ assertNumberOfApacheProcesses 5
+ assertNumberOfShibProcesses 0
+
+ assertListeningOnPort 443
+ assertListeningOnPort 80
+ assertListeningOnPort 8009
+ assertListeningOnPort 9001
+
+ curl -L -k -u GrouperSystem:thisPassIsCopyrightedDontUse https://localhost -o index.html
+ assertLocalFileContains index.html document.location.href
+
+ curl -L -k https://localhost/grouper/grouperUi/app/UiV2Main.index?operation=UiV2Main.indexMain -o index.html
+ assertLocalFileContains index.html 'HTTP Status 401'
+
+ curl -L -k -u GrouperSystem:XthisPassIsCopyrightedDontUse https://localhost/grouper/grouperUi/app/UiV2Main.index?operation=UiV2Main.indexMain -o index.html
+ assertLocalFileContains index.html 'HTTP Status 401'
+
+ curl -L -k -u GrouperSystem:thisPassIsCopyrightedDontUse https://localhost/grouper/grouperUi/app/UiV2Main.index?operation=UiV2Main.indexMain -o index.html
+ assertLocalFileContains index.html 'end index.jsp'
+
+ curl -L -k https://localhost/grouper-ws/servicesRest/v2_4_000/subjects/GrouperSystem -o index.html
+ assertLocalFileContains index.html 'HTTP Status 401'
+
+ curl -L -k -u GrouperSystem:XthisPassIsCopyrightedDontUse https://localhost/grouper-ws/servicesRest/v2_4_000/subjects/GrouperSystem -o index.html
+ assertLocalFileContains index.html 'HTTP Status 401'
+
+ curl -L -k -u GrouperSystem:thisPassIsCopyrightedDontUse https://localhost/grouper-ws/servicesRest/v2_4_000/subjects/GrouperSystem -o index.html
+ assertLocalFileContains index.html '"resultCode":"SUCCESS"'
+
+ curl -L -k https://localhost/grouper-ws-scim/v2/Groups/ -o index.html
+ assertLocalFileContains index.html 'HTTP Status 401'
+
+ curl -L -k -u GrouperSystem:XthisPassIsCopyrightedDontUse https://localhost/grouper-ws-scim/v2/Groups/ -o index.html
+ assertLocalFileContains index.html 'HTTP Status 401'
+
+ curl -L -k -u GrouperSystem:thisPassIsCopyrightedDontUse https://localhost/grouper-ws-scim/v2/Groups/ -o index.html
+ assertLocalFileContains index.html 'etc:workflowEditors'
+
+ docker stop $containerName
+ docker start $containerName
+
+ sleep $globalSleepSecondsAfterRun
+
+ assertNumberOfTomcatProcesses 1
+ assertNumberOfApacheProcesses 5
+ assertNumberOfShibProcesses 0
+
+ assertListeningOnPort 443
+ assertListeningOnPort 80
+ assertListeningOnPort 8009
+ assertListeningOnPort 9001
+
+ curl -L -k -u GrouperSystem:thisPassIsCopyrightedDontUse https://localhost -o index.html
+ assertLocalFileContains index.html document.location.href
+
+ curl -L -k -u GrouperSystem:thisPassIsCopyrightedDontUse https://localhost/grouper/grouperUi/app/UiV2Main.index?operation=UiV2Main.indexMain -o index.html
+ assertLocalFileContains index.html 'end index.jsp'
+
+ containerCommandResultEquals "ps -ef | grep root | grep cat | grep -v grep | wc -l" 6
+ containerCommandResultEquals "ps -ef | grep root | grep awk | grep supervisord | wc -l" 1
+ containerCommandResultEquals "ps -ef | grep root | grep awk | grep grouper | wc -l" 1
+ containerCommandResultEquals "ps -ef | grep root | grep awk | grep httpd | wc -l" 1
+ containerCommandResultEquals "ps -ef | grep root | grep awk | grep tomee | wc -l" 1
+
+}
+export -f testContainerQuickstart
diff --git a/container_files/tier-support/test/grouperContainerUnitTestScim.sh b/container_files/tier-support/test/grouperContainerUnitTestScim.sh
new file mode 100644
index 00000000..26637757
--- /dev/null
+++ b/container_files/tier-support/test/grouperContainerUnitTestScim.sh
@@ -0,0 +1,88 @@
+#!/bin/bash
+
+testContainerScim() {
+
+ if [ "$#" -ne 0 ]; then
+ echo "You must enter exactly 0 command line arguments"
+ exit 1
+ fi
+
+ dockerRemoveContainer
+
+ echo
+ echo '################'
+ echo Running container as scim
+ echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_SELF_SIGNED_CERT=true $imageName scim"
+ echo '################'
+ echo
+
+ docker run --detach --name $containerName --publish 443:443 -e GROUPER_SELF_SIGNED_CERT=true $imageName scim
+ sleep $globalSleepSecondsAfterRun
+
+ assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libWs/axis2-kernel-1.6.4.jar
+ assertFileNotExists /opt/grouper/grouperWebapp/WEB-INF/lib/axis2-kernel-1.6.4.jar
+ assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libScim/stax-api-1.0-2.jar
+ assertFileExists /opt/grouper/grouperWebapp/WEB-INF/lib/stax-api-1.0-2.jar
+ assertFileNotExists "/opt/grouper/grouperWebapp/WEB-INF/lib/grouper-messaging-activemq-$grouperVersion.jar"
+ assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/libUiAndDaemon/grouper-messaging-activemq-$grouperVersion.jar"
+
+ assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "Listen 443 https"
+ assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "__"
+ assertFileContains /etc/httpd/conf/httpd.conf "Listen 80"
+ assertFileNotContains /opt/tier-support/supervisord.conf "program:shibbolethsp"
+ assertFileContains /opt/tier-support/supervisord.conf "program:tomee"
+ assertFileContains /opt/tier-support/supervisord.conf "program:httpd"
+ assertFileNotContains /opt/tier-support/supervisord.conf "user=shibd"
+ assertFileNotContains /opt/tier-support/supervisord.conf "__"
+ assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf cachain.pem
+ assertFileContains /etc/httpd/conf.d/ssl-enabled.conf /etc/pki/tls/certs/localhost.crt
+
+ assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml "grouper-scim;"
+
+ assertFileContains /etc/httpd/conf.d/grouper-www.conf "3600"
+ assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "__"
+
+ assertEnvVar GROUPERSCIM_PROXY_PASS ""
+ assertEnvVar GROUPERSCIM_URL_CONTEXT "grouper-ws-scim"
+ assertEnvVar GROUPERWS_PROXY_PASS "#"
+ assertEnvVar GROUPERWS_URL_CONTEXT "grouper-ws"
+ assertEnvVar GROUPER_APACHE_AJP_TIMEOUT_SECONDS "3600"
+ assertEnvVar GROUPER_APACHE_NONSSL_PORT "80"
+ assertEnvVar GROUPER_APACHE_SSL_PORT "443"
+ assertEnvVar GROUPER_CHOWN_DIRS "true"
+ assertEnvVar GROUPER_CONTAINER_VERSION "$containerVersion"
+ assertEnvVar GROUPER_DAEMON "false"
+ assertEnvVar GROUPER_GSH_CHECK_USER "true"
+ assertEnvVar GROUPER_GSH_USER "tomcat"
+ assertEnvVar GROUPER_HOME "/opt/grouper/grouperWebapp/WEB-INF"
+ assertEnvVar GROUPER_LOG_PREFIX "grouper-scim"
+ assertEnvVar GROUPER_MAX_MEMORY "1500m"
+ assertEnvVar GROUPER_PROXY_PASS "#"
+ assertEnvVar GROUPER_RUN_APACHE "true"
+ assertEnvVar GROUPER_RUN_PROCESSES_AS_USERS "true"
+ assertEnvVarNot GROUPER_RUN_SHIB_SP "true"
+ assertEnvVar GROUPER_RUN_TOMEE "true"
+ assertEnvVar GROUPER_SCIM "true"
+ assertEnvVar GROUPER_SCIM_GROUPER_AUTH "false"
+ assertEnvVar GROUPER_TOMCAT_CONTEXT "grouper-ws-scim"
+ assertEnvVar GROUPER_UI "false"
+ assertEnvVar GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES "127.0.0.1/32"
+ assertEnvVar GROUPER_UI_GROUPER_AUTH "false"
+ assertEnvVar GROUPER_URL_CONTEXT "grouper"
+ assertEnvVar GROUPER_USE_SSL "true"
+ assertEnvVar GROUPER_WS "false"
+ assertEnvVar GROUPER_WS_GROUPER_AUTH "false"
+ assertEnvVarNot GROUPER_WS_ONLY "true"
+
+ assertNumberOfTomcatProcesses 1
+ assertNumberOfApacheProcesses 5
+ assertNumberOfShibProcesses 0
+
+ assertListeningOnPort 443
+ assertListeningOnPort 80
+ assertListeningOnPort 8009
+ assertNotListeningOnPort 9001
+
+
+}
+export -f testContainerScim
diff --git a/container_files/tier-support/test/grouperContainerUnitTestSelfSigned.sh b/container_files/tier-support/test/grouperContainerUnitTestSelfSigned.sh
new file mode 100644
index 00000000..148b61d3
--- /dev/null
+++ b/container_files/tier-support/test/grouperContainerUnitTestSelfSigned.sh
@@ -0,0 +1,82 @@
+#!/bin/bash
+
+testContainerSelfSigned() {
+
+ if [ "$#" -ne 0 ]; then
+ echo "You must enter exactly 0 command line arguments"
+ exit 1
+ fi
+
+ dockerRemoveContainer
+
+ echo
+ echo '################'
+ echo Running container as ui with self signed cert
+ echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_SELF_SIGNED_CERT=true -e GROUPER_LOG_TO_HOST=true -e GROUPER_APACHE_REMOTE_IP_HEADER=myRemoteIpHeader -e GROUPER_APACHE_REMOTE_IP_TRUSTED_PROXY=10.0.2.16/28 $imageName ui"
+ echo '################'
+ echo
+
+ docker run --detach --name $containerName --publish 443:443 -e GROUPER_SELF_SIGNED_CERT=true -e GROUPER_LOG_TO_HOST=true -e GROUPER_APACHE_REMOTE_IP_HEADER=myRemoteIpHeader -e GROUPER_APACHE_REMOTE_IP_TRUSTED_PROXY=10.0.2.16/28 $imageName ui
+ sleep $globalSleepSecondsAfterRun
+
+ assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "SSLUseStapling on"
+ assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "SSLCertificateFile /etc/pki/tls/certs/localhost.crt"
+ assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "SSLCertificateKeyFile /etc/pki/tls/private/localhost.key"
+ assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "SSLCertificateChainFile"
+ assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "Listen 443 https"
+ assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "__"
+ assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf cachain.pem
+ assertFileContains /etc/httpd/conf.d/ssl-enabled.conf /etc/pki/tls/certs/localhost.crt
+ assertEnvVar GROUPER_SSL_USE_CHAIN_FILE "false"
+ assertEnvVar GROUPER_SSL_CERT_FILE "/etc/pki/tls/certs/localhost.crt"
+ assertEnvVar GROUPER_SSL_KEY_FILE "/etc/pki/tls/private/localhost.key"
+ assertEnvVar GROUPER_SSL_USE_STAPLING "true"
+
+
+ assertFileContains /etc/httpd/conf.d/grouper-www.conf "ProxyPass /grouper ajp://localhost:8009/grouper timeout=3600"
+ assertFileContains /etc/httpd/conf.d/grouper-www.conf "#ProxyPass /grouper-ws ajp://localhost:8009/grouper timeout=3600"
+ assertFileContains /etc/httpd/conf.d/grouper-www.conf "#ProxyPass /grouper-ws-scim ajp://localhost:8009/grouper timeout=3600"
+ assertFileContains /etc/httpd/conf.d/grouper-www.conf "\"/grouper/\""
+ assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "__"
+ assertFileContains /etc/httpd/conf.d/grouper-www.conf "RemoteIPHeader myRemoteIpHeader"
+ assertFileContains /etc/httpd/conf.d/grouper-www.conf "RemoteIPTrustedProxy 10.0.2.16/28"
+
+
+ assertEnvVar GROUPERSCIM_PROXY_PASS "#"
+ assertEnvVar GROUPERSCIM_URL_CONTEXT "grouper-ws-scim"
+ assertEnvVar GROUPERWS_PROXY_PASS "#"
+ assertEnvVar GROUPERWS_URL_CONTEXT "grouper-ws"
+ assertEnvVar GROUPER_APACHE_NONSSL_PORT "80"
+ assertEnvVar GROUPER_APACHE_SSL_PORT "443"
+ assertEnvVar GROUPER_CHOWN_DIRS "true"
+ assertEnvVar GROUPER_CONTAINER_VERSION "$containerVersion"
+ assertEnvVar GROUPER_DAEMON "false"
+ assertEnvVar GROUPER_GSH_CHECK_USER "true"
+ assertEnvVar GROUPER_GSH_USER "tomcat"
+ assertEnvVar GROUPER_HOME "/opt/grouper/grouperWebapp/WEB-INF"
+ assertEnvVar GROUPER_LOG_PREFIX "grouper-ui"
+ assertEnvVar GROUPER_MAX_MEMORY "1500m"
+ assertEnvVar GROUPER_PROXY_PASS ""
+ assertEnvVar GROUPER_RUN_APACHE "true"
+ assertEnvVar GROUPER_RUN_PROCESSES_AS_USERS "true"
+ assertEnvVar GROUPER_RUN_SHIB_SP "true"
+ assertEnvVar GROUPER_RUN_TOMEE "true"
+ assertEnvVar GROUPER_SCIM "false"
+ assertEnvVar GROUPER_SCIM_GROUPER_AUTH "false"
+ assertEnvVar GROUPER_SELF_SIGNED_CERT "true"
+ assertEnvVar GROUPER_TOMCAT_CONTEXT "grouper"
+ assertEnvVar GROUPER_UI "true"
+ assertEnvVar GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES "127.0.0.1/32"
+ assertEnvVar GROUPER_UI_GROUPER_AUTH "false"
+ assertEnvVar GROUPER_UI_ONLY "true"
+ assertEnvVar GROUPER_URL_CONTEXT "grouper"
+ assertEnvVar GROUPER_USE_SSL "true"
+ assertEnvVar GROUPER_WS "false"
+ assertEnvVar GROUPER_WS_GROUPER_AUTH "false"
+
+ assertNumberOfTomcatProcesses 1
+ assertNumberOfApacheProcesses 5
+ assertNumberOfShibProcesses 1
+
+
+}
diff --git a/container_files/tier-support/test/grouperContainerUnitTestSlashRoot.sh b/container_files/tier-support/test/grouperContainerUnitTestSlashRoot.sh
new file mode 100644
index 00000000..42e012c9
--- /dev/null
+++ b/container_files/tier-support/test/grouperContainerUnitTestSlashRoot.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+testContainerSlashRoot() {
+
+ if [ "$#" -ne 0 ]; then
+ echo "You must enter exactly 0 command line arguments"
+ exit 1
+ fi
+
+ dockerRemoveContainer
+
+ echo
+ echo '################'
+ echo Running container as ui with slashRoot mounted
+ echo "docker run --detach --name $containerName --mount type=bind,src=$someDir,dst=/opt/grouper/slashRoot --publish 443:443 $imageName ui"
+ echo '################'
+ echo
+
+ local someDir=$(pwd)/someDir
+ rm -rf someDir
+ mkdir -p someDir/tmp
+ echo 'whatever' > someDir/tmp/temp.txt
+ mkdir -p someDir/opt/grouper/grouperWebapp/WEB-INF/classes
+ echo 'someSettings' > someDir/opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.additionalLoggers.xml.txt
+ echo 'otherSettings' > someDir/opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.additionalAppenders.xml.txt
+
+ docker run --detach --name $containerName --mount type=bind,src=$someDir,dst=/opt/grouper/slashRoot --publish 443:443 $imageName ui
+ sleep $globalSleepSecondsAfterRun
+
+ assertFileExists /tmp/temp.txt
+
+ assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml "someSettings"
+ assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml "otherSettings"
+
+
+ #rm -rf someDir
+
+}
+export -f testContainerSlashRoot
diff --git a/container_files/tier-support/test/grouperContainerUnitTestUi.sh b/container_files/tier-support/test/grouperContainerUnitTestUi.sh
new file mode 100644
index 00000000..21d757ee
--- /dev/null
+++ b/container_files/tier-support/test/grouperContainerUnitTestUi.sh
@@ -0,0 +1,134 @@
+#!/bin/bash
+
+testContainerUi() {
+
+ if [ "$#" -ne 0 ]; then
+ echo "You must enter exactly 0 command line arguments"
+ exit 1
+ fi
+
+ dockerRemoveContainer
+
+ echo
+ echo '################'
+ echo Running container as ui
+ echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_SSL_CERT_FILE=/etc/pki/tls/certs/host-cert.pem $imageName ui"
+ echo '################'
+ echo
+
+ docker run --detach --name $containerName --publish 443:443 -e GROUPER_SSL_CERT_FILE=/etc/pki/tls/certs/host-cert.pem $imageName ui
+ sleep $globalSleepSecondsAfterRun
+
+
+ assertFileContains /opt/tomee/conf/server.xml 'address="0.0.0.0"'
+ assertFileContains /opt/tomee/conf/server.xml 'allowedRequestAttributesPattern=".*"'
+
+ assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libWs/axis2-kernel-1.6.4.jar
+ assertFileNotExists /opt/grouper/grouperWebapp/WEB-INF/lib/axis2-kernel-1.6.4.jar
+ assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libScim/stax-api-1.0-2.jar
+ assertFileNotExists /opt/grouper/grouperWebapp/WEB-INF/lib/stax-api-1.0-2.jar
+ assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/lib/grouper-messaging-activemq-$grouperVersion.jar"
+ assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/libUiAndDaemon/grouper-messaging-activemq-$grouperVersion.jar"
+
+ assertFileContains /etc/httpd/conf/httpd.conf "Listen 80"
+ assertFileContains /opt/tier-support/supervisord.conf "program:shibbolethsp"
+ assertFileContains /opt/tier-support/supervisord.conf "program:tomee"
+ assertFileContains /opt/tier-support/supervisord.conf "program:httpd"
+ assertFileContains /opt/tier-support/supervisord.conf "user=shibd"
+ assertFileNotContains /opt/tier-support/supervisord.conf "__"
+
+ assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "SSLUseStapling on"
+ assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "SSLCertificateChainFile /etc/pki/tls/certs/cachain.pem"
+ assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "SSLCertificateFile /etc/pki/tls/certs/host-cert.pem"
+ assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "SSLCertificateKeyFile /etc/pki/tls/private/host-key.pem"
+ assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "Listen 443 https"
+ assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "RewriteRule"
+ assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "#RewriteRule"
+ assertFileContains /etc/httpd/conf.d/grouper-www.conf "RewriteRule"
+ assertFileContains /etc/httpd/conf.d/grouper-www.conf "ProxyPass /status_grouper/status ajp://localhost:8009/grouper/status timeout=2401"
+ assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "#RewriteRule"
+ assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "__"
+ assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf cachain.pem
+ assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf /etc/pki/tls/certs/localhost.crt
+ assertEnvVar GROUPER_SSL_USE_CHAIN_FILE "false"
+ assertEnvVar GROUPER_SSL_CERT_FILE "/etc/pki/tls/certs/host-cert.pem"
+ assertEnvVar GROUPER_SSL_KEY_FILE "/etc/pki/tls/private/host-key.pem"
+ assertEnvVarNot GROUPER_SSL_CHAIN_FILE "/etc/pki/tls/certs/cachain.pem"
+ assertEnvVar GROUPER_SSL_USE_STAPLING "true"
+
+ assertFileContains /opt/tomee/conf/Catalina/localhost/grouper.xml 'cookies="true"'
+
+ assertFileNotContains /etc/httpd/conf/httpd.conf "Options Indexes"
+
+ assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j.properties "/tmp/logpipe"
+ assertFileContains /opt/tomee/conf/web.xml "<session-timeout>600</session-timeout>"
+ assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j.properties "grouper-ui;"
+
+ assertFileNotContains /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties grouperPasswordConfigOverride_UI_GrouperSystem_pass.elConfig
+ assertFileNotContains /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties thisPassIsCopyrightedDontUse
+
+ assertFileContains /etc/httpd/conf.d/grouper-www.conf "3600"
+ assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "__"
+
+ assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "ServerName"
+ assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "UseCanonicalName On"
+ assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "RemoteIPHeader"
+ assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "RemoteIPTrustedProxy"
+
+ assertFileNotContains /opt/tomee/conf/server.xml "AccessLogValve"
+
+ assertFileContains /opt/tomee/conf/server.xml "maxHeaderCount"
+ assertFileContains /opt/tomee/conf/server.xml "200"
+ assertFileNotContains /opt/tomee/conf/server.xml "1235"
+
+ assertFileContains /opt/tomee/conf/server.xml "tomcatAuthentication"
+
+ assertEnvVarNot GROUPER_APACHE_SERVER_NAME https://a.b.c:443
+ assertEnvVar GROUPER_TOMCAT_LOG_ACCESS "false"
+ assertEnvVar GROUPERSCIM_PROXY_PASS "#"
+ assertEnvVar GROUPERSCIM_URL_CONTEXT "grouper-ws-scim"
+ assertEnvVar GROUPERWS_PROXY_PASS "#"
+ assertEnvVar GROUPERWS_URL_CONTEXT "grouper-ws"
+ assertEnvVar GROUPER_APACHE_AJP_TIMEOUT_SECONDS "3600"
+ assertEnvVar GROUPER_APACHE_NONSSL_PORT "80"
+ assertEnvVar GROUPER_APACHE_SSL_PORT "443"
+ assertEnvVar GROUPER_CHOWN_DIRS "true"
+ assertEnvVar GROUPER_CONTAINER_VERSION "$containerVersion"
+ assertEnvVar GROUPER_DAEMON "false"
+ assertEnvVar GROUPER_GSH_CHECK_USER "true"
+ assertEnvVar GROUPER_GSH_USER "tomcat"
+ assertEnvVar GROUPER_HOME "/opt/grouper/grouperWebapp/WEB-INF"
+ assertEnvVar GROUPER_LOG_PREFIX "grouper-ui"
+ assertEnvVar GROUPER_MAX_MEMORY "1500m"
+ assertEnvVar GROUPER_PROXY_PASS ""
+ assertEnvVar GROUPER_RUN_APACHE "true"
+ assertEnvVar GROUPER_RUN_PROCESSES_AS_USERS "true"
+ assertEnvVar GROUPER_RUN_SHIB_SP "true"
+ assertEnvVar GROUPER_RUN_TOMEE "true"
+ assertEnvVar GROUPER_SCIM "false"
+ assertEnvVar GROUPER_SCIM_GROUPER_AUTH "false"
+ assertEnvVar GROUPER_TOMCAT_CONTEXT "grouper"
+ assertEnvVar GROUPER_UI "true"
+ assertEnvVar GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES "127.0.0.1/32"
+ assertEnvVar GROUPER_UI_GROUPER_AUTH "false"
+ assertEnvVar GROUPER_UI_ONLY "true"
+ assertEnvVar GROUPER_URL_CONTEXT "grouper"
+ assertEnvVar GROUPER_USE_SSL "true"
+ assertEnvVar GROUPER_WS "false"
+ assertEnvVar GROUPER_WS_GROUPER_AUTH "false"
+
+ assertNumberOfTomcatProcesses 1
+ # bad cert apache wont start
+ assertNumberOfApacheProcesses 0
+ assertNumberOfShibProcesses 1
+
+ assertNotListeningOnPort 443
+ assertNotListeningOnPort 80
+ assertListeningOnPort 8009
+ assertNotListeningOnPort 9001
+ assertListeningOnPort 8080
+ #assertListeningOnPort 8005
+
+
+}
+export -f testContainerUi
diff --git a/container_files/tier-support/test/grouperContainerUnitTestUi2.sh b/container_files/tier-support/test/grouperContainerUnitTestUi2.sh
new file mode 100644
index 00000000..01acfece
--- /dev/null
+++ b/container_files/tier-support/test/grouperContainerUnitTestUi2.sh
@@ -0,0 +1,75 @@
+#!/bin/bash
+
+testContainerUi2() {
+
+ if [ "$#" -ne 0 ]; then
+ echo "You must enter exactly 0 command line arguments"
+ exit 1
+ fi
+
+ dockerRemoveContainer
+
+ echo
+ echo '################'
+ echo Running container as ui
+ echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_TOMCAT_MAX_HEADER_COUNT=1235 -e GROUPER_SSL_USE_STAPLING=false -e GROUPER_SSL_CERT_FILE=/a/b/cert -e GROUPER_SSL_KEY_FILE=/a/b/key -e GROUPER_SSL_CHAIN_FILE=/a/b/chain -e GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER=false -e GROUPER_APACHE_STATUS_PATH=none $imageName ui"
+ echo '################'
+ echo
+
+ docker run --detach --name $containerName --publish 443:443 -e GROUPER_TOMCAT_MAX_HEADER_COUNT=1235 -e GROUPER_SSL_USE_STAPLING=false -e GROUPER_SSL_CERT_FILE=/a/b/cert -e GROUPER_SSL_KEY_FILE=/a/b/key -e GROUPER_SSL_CHAIN_FILE=/a/b/chain -e GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER=false -e GROUPER_APACHE_STATUS_PATH=none $imageName ui
+ sleep $globalSleepSecondsAfterRun
+
+
+ assertFileContains /opt/tomee/conf/server.xml 'address="0.0.0.0"'
+ assertFileContains /opt/tomee/conf/server.xml 'allowedRequestAttributesPattern=".*"'
+
+ assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libWs/axis2-kernel-1.6.4.jar
+ assertFileNotExists /opt/grouper/grouperWebapp/WEB-INF/lib/axis2-kernel-1.6.4.jar
+ assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libScim/stax-api-1.0-2.jar
+ assertFileNotExists /opt/grouper/grouperWebapp/WEB-INF/lib/stax-api-1.0-2.jar
+ assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/lib/grouper-messaging-activemq-$grouperVersion.jar"
+ assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/libUiAndDaemon/grouper-messaging-activemq-$grouperVersion.jar"
+
+ assertFileContains /etc/httpd/conf/httpd.conf "Listen 80"
+ assertFileContains /opt/tier-support/supervisord.conf "program:shibbolethsp"
+ assertFileContains /opt/tier-support/supervisord.conf "program:tomee"
+ assertFileContains /opt/tier-support/supervisord.conf "program:httpd"
+ assertFileContains /opt/tier-support/supervisord.conf "user=shibd"
+ assertFileNotContains /opt/tier-support/supervisord.conf "__"
+
+ assertFileContains /opt/tomee/conf/server.xml "maxHeaderCount"
+ assertFileContains /opt/tomee/conf/server.xml "1235"
+
+ assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "SSLUseStapling off"
+ assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "SSLCertificateFile /a/b/cert"
+ assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "SSLCertificateKeyFile /a/b/key"
+ assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "SSLCertificateChainFile /a/b/chain"
+ assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "Listen 443 https"
+ assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "#RewriteRule"
+ assertFileContains /etc/httpd/conf.d/grouper-www.conf "#RewriteRule"
+ assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "grouper/status"
+
+ assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "__"
+ assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf cachain.pem
+ assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf /etc/pki/tls/certs/localhost.crt
+ assertEnvVar GROUPER_SSL_USE_CHAIN_FILE "true"
+ assertEnvVar GROUPER_SSL_CERT_FILE "/a/b/cert"
+ assertEnvVar GROUPER_SSL_KEY_FILE "/a/b/key"
+ assertEnvVar GROUPER_SSL_CHAIN_FILE "/a/b/chain"
+ assertEnvVar GROUPER_SSL_USE_STAPLING "false"
+
+ assertNumberOfTomcatProcesses 1
+ # bad cert apache wont start
+ assertNumberOfApacheProcesses 0
+ assertNumberOfShibProcesses 1
+
+ assertNotListeningOnPort 443
+ assertNotListeningOnPort 80
+ assertListeningOnPort 8009
+ assertNotListeningOnPort 9001
+ assertListeningOnPort 8080
+ #assertListeningOnPort 8005
+
+
+}
+export -f testContainerUi2
diff --git a/container_files/tier-support/test/grouperContainerUnitTestUiDifferentPorts.sh b/container_files/tier-support/test/grouperContainerUnitTestUiDifferentPorts.sh
new file mode 100644
index 00000000..9857d002
--- /dev/null
+++ b/container_files/tier-support/test/grouperContainerUnitTestUiDifferentPorts.sh
@@ -0,0 +1,57 @@
+#!/bin/bash
+
+testContainerUiDifferentPorts() {
+
+ if [ "$#" -ne 0 ]; then
+ echo "You must enter exactly 0 command line arguments"
+ exit 1
+ fi
+
+ dockerRemoveContainer
+
+ echo
+ echo '################'
+ echo Running container as ui with self signed cert with different ports
+ echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_APACHE_AJP_TIMEOUT_SECONDS=2999 -e GROUPER_SELF_SIGNED_CERT=true -e GROUPER_APACHE_SSL_PORT=444 -e GROUPER_APACHE_NONSSL_PORT=81 -e GROUPER_TOMCAT_HTTP_PORT=8600 -e GROUPER_TOMCAT_AJP_PORT=8601 -e GROUPER_TOMCAT_SHUTDOWN_PORT=8602 -e GROUPER_APACHE_STATUS_PATH=/status2_grouper/status $imageName ui"
+ echo '################'
+ echo
+
+ docker run --detach --name $containerName --publish 443:443 -e GROUPER_APACHE_AJP_TIMEOUT_SECONDS=2999 -e GROUPER_SELF_SIGNED_CERT=true -e GROUPER_APACHE_SSL_PORT=444 -e GROUPER_APACHE_NONSSL_PORT=81 -e GROUPER_TOMCAT_HTTP_PORT=8600 -e GROUPER_TOMCAT_AJP_PORT=8601 -e GROUPER_TOMCAT_SHUTDOWN_PORT=8602 -e GROUPER_APACHE_STATUS_PATH=/status2_grouper/status $imageName ui
+ sleep $globalSleepSecondsAfterRun
+
+ assertEnvVar GROUPER_APACHE_NONSSL_PORT "81"
+ assertEnvVar GROUPER_APACHE_SSL_PORT "444"
+ assertEnvVar GROUPER_APACHE_AJP_TIMEOUT_SECONDS "2999"
+
+ assertEnvVar GROUPER_TOMCAT_HTTP_PORT "8600"
+ assertEnvVar GROUPER_TOMCAT_AJP_PORT "8601"
+ assertEnvVar GROUPER_TOMCAT_SHUTDOWN_PORT "8602"
+
+ assertFileContains /etc/httpd/conf.d/grouper-www.conf "2999"
+ assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "3600"
+ assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "2400"
+ assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "__"
+ assertFileContains /etc/httpd/conf.d/grouper-www.conf "ProxyPass /status2_grouper/status ajp://localhost:8601/grouper/status timeout=2401"
+ assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "Listen 443 https"
+ assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "Listen 444 https"
+ assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "__"
+ assertFileNotContains /etc/httpd/conf/httpd.conf "Listen 80"
+ assertFileContains /etc/httpd/conf/httpd.conf "Listen 81"
+
+ assertNumberOfTomcatProcesses 1
+ # bad cert apache wont start
+ assertNumberOfApacheProcesses 5
+ assertNumberOfShibProcesses 1
+
+ assertListeningOnPort 444
+ assertListeningOnPort 81
+ assertNotListeningOnPort 443
+ assertNotListeningOnPort 80
+ assertListeningOnPort 8600
+ assertListeningOnPort 8601
+ #assertListeningOnPort 8602
+ assertNotListeningOnPort 9001
+
+
+}
+export -f testContainerUiDifferentPorts
diff --git a/container_files/tier-support/test/grouperContainerUnitTestUiNoSsl.sh b/container_files/tier-support/test/grouperContainerUnitTestUiNoSsl.sh
new file mode 100644
index 00000000..0a729f9e
--- /dev/null
+++ b/container_files/tier-support/test/grouperContainerUnitTestUiNoSsl.sh
@@ -0,0 +1,87 @@
+#!/bin/bash
+
+testContainerUiNoSsl() {
+
+ if [ "$#" -ne 0 ]; then
+ echo "You must enter exactly 0 command line arguments"
+ exit 1
+ fi
+
+ dockerRemoveContainer
+
+ echo
+ echo '################'
+ echo Running container as ui without SSL with SSL client
+ echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_TOMCAT_MAX_HEADER_COUNT=-1 -e GROUPER_USE_SSL=false -e GROUPER_TOMCAT_LOG_ACCESS=true -e GROUPER_APACHE_DIRECTORY_INDEXES=true -e GROUPER_TOMCAT_SESSION_TIMEOUT_MINUTES=30 $imageName ui"
+ echo '################'
+ echo
+
+ docker run --detach --name $containerName --publish 443:443 -e GROUPER_TOMCAT_MAX_HEADER_COUNT=-1 -e GROUPER_USE_SSL=false -e GROUPER_TOMCAT_LOG_ACCESS=true -e GROUPER_APACHE_DIRECTORY_INDEXES=true -e GROUPER_TOMCAT_SESSION_TIMEOUT_MINUTES=30 $imageName ui
+ sleep $globalSleepSecondsAfterRun
+
+ assertFileExists /etc/httpd/conf.d/ssl-enabled.conf.dontuse
+ assertFileExists /etc/httpd/conf.d/ssl.conf.dontuse
+ assertFileNotExists /etc/httpd/conf.d/ssl-enabled.conf
+ assertFileNotExists /etc/httpd/conf.d/ssl.conf
+
+ assertFileContains /etc/httpd/conf/httpd.conf "Options Indexes"
+
+ assertFileContains /etc/httpd/conf/httpd.conf "Listen 80"
+ assertFileContains /opt/tier-support/supervisord.conf "program:shibbolethsp"
+ assertFileContains /opt/tier-support/supervisord.conf "program:tomee"
+ assertFileContains /opt/tier-support/supervisord.conf "program:httpd"
+ assertFileContains /opt/tier-support/supervisord.conf "user=shibd"
+ assertFileNotContains /opt/tier-support/supervisord.conf "__"
+ assertFileContains /opt/tomee/conf/server.xml "AccessLogValve"
+ assertFileContains /opt/tomee/conf/server.xml 'secure="true"'
+ assertFileContains /opt/tomee/conf/server.xml 'scheme="https"'
+ assertFileNotContains /opt/tomee/conf/server.xml 'scheme="http"'
+ assertFileContains /opt/tomee/conf/web.xml "<session-timeout>30</session-timeout>"
+
+ assertFileNotContains /opt/tomee/conf/server.xml "maxHeaderCount"
+
+ assertEnvVar GROUPER_TOMCAT_LOG_ACCESS "true"
+ assertEnvVar GROUPERSCIM_PROXY_PASS "#"
+ assertEnvVar GROUPERSCIM_URL_CONTEXT "grouper-ws-scim"
+ assertEnvVar GROUPERWS_PROXY_PASS "#"
+ assertEnvVar GROUPERWS_URL_CONTEXT "grouper-ws"
+ assertEnvVar GROUPER_APACHE_NONSSL_PORT "80"
+ assertEnvVar GROUPER_APACHE_SSL_PORT "443"
+ assertEnvVar GROUPER_CHOWN_DIRS "true"
+ assertEnvVar GROUPER_CONTAINER_VERSION "$containerVersion"
+ assertEnvVar GROUPER_DAEMON "false"
+ assertEnvVar GROUPER_GSH_CHECK_USER "true"
+ assertEnvVar GROUPER_GSH_USER "tomcat"
+ assertEnvVar GROUPER_HOME "/opt/grouper/grouperWebapp/WEB-INF"
+ assertEnvVar GROUPER_LOG_PREFIX "grouper-ui"
+ assertEnvVar GROUPER_MAX_MEMORY "1500m"
+ assertEnvVar GROUPER_PROXY_PASS ""
+ assertEnvVar GROUPER_RUN_APACHE "true"
+ assertEnvVar GROUPER_RUN_PROCESSES_AS_USERS "true"
+ assertEnvVar GROUPER_RUN_SHIB_SP "true"
+ assertEnvVar GROUPER_RUN_TOMEE "true"
+ assertEnvVar GROUPER_SCIM "false"
+ assertEnvVar GROUPER_SCIM_GROUPER_AUTH "false"
+ assertEnvVar GROUPER_TOMCAT_CONTEXT "grouper"
+ assertEnvVar GROUPER_UI "true"
+ assertEnvVar GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES "127.0.0.1/32"
+ assertEnvVar GROUPER_UI_GROUPER_AUTH "false"
+ assertEnvVar GROUPER_UI_ONLY "true"
+ assertEnvVar GROUPER_URL_CONTEXT "grouper"
+ assertEnvVar GROUPER_USE_SSL "false"
+ assertEnvVar GROUPER_WS "false"
+ assertEnvVar GROUPER_WS_GROUPER_AUTH "false"
+ assertEnvVar GROUPER_WEBCLIENT_IS_SSL "true"
+
+ assertNumberOfTomcatProcesses 1
+ assertNumberOfApacheProcesses 5
+ assertNumberOfShibProcesses 1
+
+ assertNotListeningOnPort 443
+ assertListeningOnPort 80
+ assertListeningOnPort 8009
+ assertNotListeningOnPort 9001
+
+
+}
+export -f testContainerUiNoSsl
diff --git a/container_files/tier-support/test/grouperContainerUnitTestUiNoSslOrClient.sh b/container_files/tier-support/test/grouperContainerUnitTestUiNoSslOrClient.sh
new file mode 100644
index 00000000..5718c9d0
--- /dev/null
+++ b/container_files/tier-support/test/grouperContainerUnitTestUiNoSslOrClient.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+testContainerUiNoSslOrClient() {
+
+ if [ "$#" -ne 0 ]; then
+ echo "You must enter exactly 0 command line arguments"
+ exit 1
+ fi
+
+ dockerRemoveContainer
+
+ echo
+ echo '################'
+ echo Running container as ui without SSL with non-SSL client
+ echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_USE_SSL=false -e GROUPER_WEBCLIENT_IS_SSL=false $imageName ui"
+ echo '################'
+ echo
+
+ docker run --detach --name $containerName --publish 443:443 -e GROUPER_USE_SSL=false -e GROUPER_WEBCLIENT_IS_SSL=false $imageName ui
+ sleep $globalSleepSecondsAfterRun
+
+ assertFileExists /etc/httpd/conf.d/ssl-enabled.conf.dontuse
+ assertFileExists /etc/httpd/conf.d/ssl.conf.dontuse
+ assertFileNotExists /etc/httpd/conf.d/ssl-enabled.conf
+ assertFileNotExists /etc/httpd/conf.d/ssl.conf
+
+ assertFileNotContains /opt/tomee/conf/server.xml 'secure="true"'
+ assertFileNotContains /opt/tomee/conf/server.xml 'scheme="https"'
+ assertFileContains /opt/tomee/conf/server.xml 'scheme="http"'
+
+ assertEnvVar GROUPER_USE_SSL "false"
+ assertEnvVar GROUPER_WEBCLIENT_IS_SSL "false"
+
+
+ assertNumberOfTomcatProcesses 1
+ assertNumberOfApacheProcesses 5
+ assertNumberOfShibProcesses 1
+
+ assertNotListeningOnPort 443
+ assertListeningOnPort 80
+ assertListeningOnPort 8009
+ assertNotListeningOnPort 9001
+
+
+}
+export -f testContainerUiNoSsl
diff --git a/container_files/tier-support/test/grouperContainerUnitTestUiSubimage.sh b/container_files/tier-support/test/grouperContainerUnitTestUiSubimage.sh
new file mode 100644
index 00000000..daafec7e
--- /dev/null
+++ b/container_files/tier-support/test/grouperContainerUnitTestUiSubimage.sh
@@ -0,0 +1,107 @@
+#!/bin/bash
+
+testContainerUiSubimage() {
+
+ if [ "$#" -ne 0 ]; then
+ echo "You must enter exactly 0 command line arguments"
+ exit 1
+ fi
+
+ dockerRemoveContainer
+ dockerRemoveSubimage
+
+ subimageId="my_$containerName"
+ subimageName="$subimageId:latest"
+
+ echo "" > Dockerfile
+ echo "FROM $imageName" >> Dockerfile
+ echo "ENV GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES 1.1.1.1/32" >> Dockerfile
+ echo "" >> Dockerfile
+
+ echo
+ echo '################'
+ echo Running container with subimage as ui
+ echo cat DockerFile
+ cat Dockerfile
+ echo "docker build -t $subimageId ."
+ echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_SSL_CERT_FILE=/etc/pki/tls/certs/host-cert.pem $subimageId ui"
+ echo '################'
+ echo
+
+ docker build -t "$subimageId" .
+
+ docker run --detach --name $containerName --publish 443:443 -e GROUPER_SSL_CERT_FILE=/etc/pki/tls/certs/host-cert.pem $subimageId ui
+ sleep $globalSleepSecondsAfterRun
+
+ assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libWs/axis2-kernel-1.6.4.jar
+ assertFileNotExists /opt/grouper/grouperWebapp/WEB-INF/lib/axis2-kernel-1.6.4.jar
+ assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libScim/stax-api-1.0-2.jar
+ assertFileNotExists /opt/grouper/grouperWebapp/WEB-INF/lib/stax-api-1.0-2.jar
+ assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/lib/grouper-messaging-activemq-$grouperVersion.jar"
+ assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/libUiAndDaemon/grouper-messaging-activemq-$grouperVersion.jar"
+
+ assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "Listen 443 https"
+ assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "__"
+ assertFileContains /etc/httpd/conf/httpd.conf "Listen 80"
+ assertFileContains /opt/tier-support/supervisord.conf "program:shibbolethsp"
+ assertFileContains /opt/tier-support/supervisord.conf "program:tomee"
+ assertFileContains /opt/tier-support/supervisord.conf "program:httpd"
+ assertFileContains /opt/tier-support/supervisord.conf "user=shibd"
+ assertFileNotContains /opt/tier-support/supervisord.conf "__"
+ assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf cachain.pem
+ assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf /etc/pki/tls/certs/localhost.crt
+
+ assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j.properties "/tmp/logpipe"
+ assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j.properties "grouper-ui;"
+
+ assertFileNotContains /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties grouperPasswordConfigOverride_UI_GrouperSystem_pass.elConfig
+ assertFileNotContains /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties thisPassIsCopyrightedDontUse
+
+ assertFileContains /etc/httpd/conf.d/grouper-www.conf "3600"
+ assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "__"
+
+ assertEnvVar GROUPERSCIM_PROXY_PASS "#"
+ assertEnvVar GROUPERSCIM_URL_CONTEXT "grouper-ws-scim"
+ assertEnvVar GROUPERWS_PROXY_PASS "#"
+ assertEnvVar GROUPERWS_URL_CONTEXT "grouper-ws"
+ assertEnvVar GROUPER_APACHE_AJP_TIMEOUT_SECONDS "3600"
+ assertEnvVar GROUPER_APACHE_NONSSL_PORT "80"
+ assertEnvVar GROUPER_APACHE_SSL_PORT "443"
+ assertEnvVar GROUPER_CHOWN_DIRS "true"
+ assertEnvVar GROUPER_CONTAINER_VERSION "$containerVersion"
+ assertEnvVar GROUPER_DAEMON "false"
+ assertEnvVar GROUPER_GSH_CHECK_USER "true"
+ assertEnvVar GROUPER_GSH_USER "tomcat"
+ assertEnvVar GROUPER_HOME "/opt/grouper/grouperWebapp/WEB-INF"
+ assertEnvVar GROUPER_LOG_PREFIX "grouper-ui"
+ assertEnvVar GROUPER_MAX_MEMORY "1500m"
+ assertEnvVar GROUPER_PROXY_PASS ""
+ assertEnvVar GROUPER_RUN_APACHE "true"
+ assertEnvVar GROUPER_RUN_PROCESSES_AS_USERS "true"
+ assertEnvVar GROUPER_RUN_SHIB_SP "true"
+ assertEnvVar GROUPER_RUN_TOMEE "true"
+ assertEnvVar GROUPER_SCIM "false"
+ assertEnvVar GROUPER_SCIM_GROUPER_AUTH "false"
+ assertEnvVar GROUPER_TOMCAT_CONTEXT "grouper"
+ assertEnvVar GROUPER_UI "true"
+ assertEnvVar GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES "1.1.1.1/32"
+ assertEnvVar GROUPER_UI_GROUPER_AUTH "false"
+ assertEnvVar GROUPER_UI_ONLY "true"
+ assertEnvVar GROUPER_URL_CONTEXT "grouper"
+ assertEnvVar GROUPER_USE_SSL "true"
+ assertEnvVar GROUPER_WS "false"
+ assertEnvVar GROUPER_WS_GROUPER_AUTH "false"
+
+ assertNumberOfTomcatProcesses 1
+ # bad cert apache wont start
+ assertNumberOfApacheProcesses 0
+ assertNumberOfShibProcesses 1
+
+ assertNotListeningOnPort 443
+ assertNotListeningOnPort 80
+ assertListeningOnPort 8009
+ assertNotListeningOnPort 9001
+
+
+}
+export -f testContainerUiSubimage
diff --git a/container_files/tier-support/test/grouperContainerUnitTestUiSubimageNonroot.sh b/container_files/tier-support/test/grouperContainerUnitTestUiSubimageNonroot.sh
new file mode 100644
index 00000000..9bbf34e1
--- /dev/null
+++ b/container_files/tier-support/test/grouperContainerUnitTestUiSubimageNonroot.sh
@@ -0,0 +1,94 @@
+#!/bin/bash
+
+testContainerUiSubimageNonroot() {
+
+ if [ "$#" -ne 0 ]; then
+ echo "You must enter exactly 0 command line arguments"
+ exit 1
+ fi
+
+ dockerRemoveContainer
+ dockerRemoveSubimage
+
+ subimageId="my_$containerName"
+ subimageName="$subimageId:latest"
+ myId="$(id -u)"
+
+ echo "" > Dockerfile
+ echo "FROM $imageName" >> Dockerfile
+ echo "RUN /usr/local/bin/changeUid.sh tomcat $myId" >> Dockerfile
+ echo "" >> Dockerfile
+
+ echo
+ echo '################'
+ echo Running container with subimage as ui without root
+ echo cat DockerFile
+ cat Dockerfile
+ echo "docker build -t $subimageId ."
+ echo "docker run --detach --name $containerName -u $myId -e GROUPER_RUN_TOMCAT_NOT_SUPERVISOR=true --publish 8080:8080 $subimageId ui"
+ echo '################'
+ echo
+
+ docker build -t "$subimageId" .
+
+ docker run --detach --name $containerName -u $myId -e GROUPER_RUN_TOMCAT_NOT_SUPERVISOR=true --publish 8080:8080 $subimageId ui
+ sleep $globalSleepSecondsAfterRun
+
+ assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libWs/axis2-kernel-1.6.4.jar
+ assertFileNotExists /opt/grouper/grouperWebapp/WEB-INF/lib/axis2-kernel-1.6.4.jar
+ assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libScim/stax-api-1.0-2.jar
+ assertFileNotExists /opt/grouper/grouperWebapp/WEB-INF/lib/stax-api-1.0-2.jar
+ assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/lib/grouper-messaging-activemq-$grouperVersion.jar"
+ assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/libUiAndDaemon/grouper-messaging-activemq-$grouperVersion.jar"
+
+ assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml "/tmp/logpipe"
+ assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml "grouper-ui;"
+
+ assertFileNotContains /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties grouperPasswordConfigOverride_UI_GrouperSystem_pass.elConfig
+ assertFileNotContains /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties thisPassIsCopyrightedDontUse
+
+ assertEnvVar GROUPERSCIM_PROXY_PASS "#"
+ assertEnvVar GROUPERSCIM_URL_CONTEXT "grouper-ws-scim"
+ assertEnvVar GROUPERWS_PROXY_PASS "#"
+ assertEnvVar GROUPERWS_URL_CONTEXT "grouper-ws"
+ assertEnvVar GROUPER_APACHE_AJP_TIMEOUT_SECONDS "3600"
+ assertEnvVar GROUPER_APACHE_NONSSL_PORT "80"
+ assertEnvVar GROUPER_APACHE_SSL_PORT "443"
+ assertEnvVarNot GROUPER_CHOWN_DIRS "true"
+ assertEnvVar GROUPER_CONTAINER_VERSION "$containerVersion"
+ assertEnvVar GROUPER_DAEMON "false"
+ assertEnvVar GROUPER_GSH_CHECK_USER "true"
+ assertEnvVar GROUPER_GSH_USER "tomcat"
+ assertEnvVar GROUPER_HOME "/opt/grouper/grouperWebapp/WEB-INF"
+ assertEnvVar GROUPER_LOG_PREFIX "grouper-ui"
+ assertEnvVar GROUPER_MAX_MEMORY "1500m"
+ assertEnvVar GROUPER_PROXY_PASS ""
+ assertEnvVarNot GROUPER_RUN_APACHE "true"
+ assertEnvVar GROUPER_RUN_PROCESSES_AS_USERS "true"
+ assertEnvVarNot GROUPER_RUN_SHIB_SP "true"
+ assertEnvVar GROUPER_RUN_TOMEE "true"
+ assertEnvVar GROUPER_SCIM "false"
+ assertEnvVar GROUPER_SCIM_GROUPER_AUTH "false"
+ assertEnvVar GROUPER_TOMCAT_CONTEXT "grouper"
+ assertEnvVar GROUPER_UI "true"
+ assertEnvVar GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES "127.0.0.1/32"
+ assertEnvVar GROUPER_UI_GROUPER_AUTH "false"
+ assertEnvVar GROUPER_UI_ONLY "true"
+ assertEnvVar GROUPER_URL_CONTEXT "grouper"
+ assertEnvVar GROUPER_USE_SSL "true"
+ assertEnvVar GROUPER_WS "false"
+ assertEnvVar GROUPER_WS_GROUPER_AUTH "false"
+
+ #tomcat doesnt like no database there
+ #assertNumberOfTomcatProcesses 13
+ # bad cert apache wont start
+ assertNumberOfApacheProcesses 0
+ assertNumberOfShibProcesses 0
+
+ assertNotListeningOnPort 443
+ assertNotListeningOnPort 80
+ assertListeningOnPort 8009
+ assertNotListeningOnPort 9001
+
+}
+export -f testContainerUiSubimageNonroot
diff --git a/container_files/tier-support/test/grouperContainerUnitTestWs.sh b/container_files/tier-support/test/grouperContainerUnitTestWs.sh
new file mode 100644
index 00000000..433ea3dc
--- /dev/null
+++ b/container_files/tier-support/test/grouperContainerUnitTestWs.sh
@@ -0,0 +1,99 @@
+#!/bin/bash
+
+testContainerWs() {
+
+ if [ "$#" -ne 0 ]; then
+ echo "You must enter exactly 0 command line arguments"
+ exit 1
+ fi
+
+ dockerRemoveContainer
+
+ echo
+ echo '################'
+ echo Running container as ws
+ echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_SELF_SIGNED_CERT=true -e GROUPER_APACHE_SERVER_NAME=https://a.b.c:443 $imageName ws"
+ echo '################'
+ echo
+
+ docker run --detach --name $containerName --publish 443:443 -e GROUPER_SELF_SIGNED_CERT=true -e GROUPER_APACHE_SERVER_NAME=https://a.b.c:443 $imageName ws
+ sleep $globalSleepSecondsAfterRun
+
+ assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libWs/axis2-kernel-1.6.4.jar
+ assertFileExists /opt/grouper/grouperWebapp/WEB-INF/lib/axis2-kernel-1.6.4.jar
+ assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libScim/stax-api-1.0-2.jar
+ assertFileNotExists /opt/grouper/grouperWebapp/WEB-INF/lib/stax-api-1.0-2.jar
+ assertFileNotExists "/opt/grouper/grouperWebapp/WEB-INF/lib/grouper-messaging-activemq-$grouperVersion.jar"
+ assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/libUiAndDaemon/grouper-messaging-activemq-$grouperVersion.jar"
+
+ assertFileNotContains /opt/grouper/grouperWebapp/WEB-INF/web.xml "<auth-method>BASIC</auth-method>"
+ assertFileNotContains /opt/tomee/conf/server.xml 'tomcatAuthentication="true"'
+ assertFileContains /opt/tomee/conf/server.xml 'tomcatAuthentication="false"'
+
+ assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "Listen 443 https"
+ assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "__"
+ assertFileContains /etc/httpd/conf/httpd.conf "Listen 80"
+ assertFileNotContains /opt/tier-support/supervisord.conf "program:shibbolethsp"
+ assertFileContains /opt/tier-support/supervisord.conf "program:tomee"
+ assertFileContains /opt/tier-support/supervisord.conf "program:httpd"
+ assertFileNotContains /opt/tier-support/supervisord.conf "user=shibd"
+ assertFileNotContains /opt/tier-support/supervisord.conf "__"
+ assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf cachain.pem
+ assertFileContains /etc/httpd/conf.d/ssl-enabled.conf /etc/pki/tls/certs/localhost.crt
+
+ assertFileContains /opt/tomee/conf/Catalina/localhost/grouper-ws.xml 'cookies="false"'
+ assertFileContains /opt/tomee/conf/web.xml "<session-timeout>1</session-timeout>"
+
+ assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml "grouper-ws;"
+
+ assertFileContains /etc/httpd/conf.d/grouper-www.conf "3600"
+ assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "__"
+
+ assertFileContains /etc/httpd/conf.d/grouper-www.conf "ServerName https://a.b.c:443"
+ assertFileContains /etc/httpd/conf.d/grouper-www.conf "UseCanonicalName On"
+
+ assertEnvVar GROUPER_APACHE_SERVER_NAME https://a.b.c:443
+ assertEnvVar GROUPERSCIM_PROXY_PASS "#"
+ assertEnvVar GROUPERSCIM_URL_CONTEXT "grouper-ws-scim"
+ assertEnvVar GROUPERWS_PROXY_PASS ""
+ assertEnvVar GROUPERWS_URL_CONTEXT "grouper-ws"
+ assertEnvVar GROUPER_APACHE_AJP_TIMEOUT_SECONDS "3600"
+ assertEnvVar GROUPER_APACHE_NONSSL_PORT "80"
+ assertEnvVar GROUPER_APACHE_SSL_PORT "443"
+ assertEnvVar GROUPER_CHOWN_DIRS "true"
+ assertEnvVar GROUPER_CONTAINER_VERSION "$containerVersion"
+ assertEnvVar GROUPER_DAEMON "false"
+ assertEnvVar GROUPER_GSH_CHECK_USER "true"
+ assertEnvVar GROUPER_GSH_USER "tomcat"
+ assertEnvVar GROUPER_HOME "/opt/grouper/grouperWebapp/WEB-INF"
+ assertEnvVar GROUPER_LOG_PREFIX "grouper-ws"
+ assertEnvVar GROUPER_MAX_MEMORY "1500m"
+ assertEnvVar GROUPER_PROXY_PASS "#"
+ assertEnvVar GROUPER_RUN_APACHE "true"
+ assertEnvVar GROUPER_RUN_PROCESSES_AS_USERS "true"
+ assertEnvVarNot GROUPER_RUN_SHIB_SP "true"
+ assertEnvVar GROUPER_RUN_TOMEE "true"
+ assertEnvVar GROUPER_SCIM "false"
+ assertEnvVar GROUPER_SCIM_GROUPER_AUTH "false"
+ assertEnvVar GROUPER_TOMCAT_CONTEXT "grouper-ws"
+ assertEnvVar GROUPER_UI "false"
+ assertEnvVar GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES "127.0.0.1/32"
+ assertEnvVar GROUPER_UI_GROUPER_AUTH "false"
+ assertEnvVarNot GROUPER_UI_ONLY "true"
+ assertEnvVar GROUPER_URL_CONTEXT "grouper"
+ assertEnvVar GROUPER_USE_SSL "true"
+ assertEnvVar GROUPER_WS "true"
+ assertEnvVar GROUPER_WS_GROUPER_AUTH "false"
+ assertEnvVar GROUPER_WS_ONLY "true"
+
+ assertNumberOfTomcatProcesses 1
+ assertNumberOfApacheProcesses 5
+ assertNumberOfShibProcesses 0
+
+ assertListeningOnPort 443
+ assertListeningOnPort 80
+ assertListeningOnPort 8009
+ assertNotListeningOnPort 9001
+
+}
+export -f testContainerWs
diff --git a/container_files/tier-support/test/grouperContainerUnitTestWsAuthn.sh b/container_files/tier-support/test/grouperContainerUnitTestWsAuthn.sh
new file mode 100644
index 00000000..a89fab85
--- /dev/null
+++ b/container_files/tier-support/test/grouperContainerUnitTestWsAuthn.sh
@@ -0,0 +1,99 @@
+#!/bin/bash
+
+testContainerWsAuthn() {
+
+ if [ "$#" -ne 0 ]; then
+ echo "You must enter exactly 0 command line arguments"
+ exit 1
+ fi
+
+ dockerRemoveContainer
+
+ echo
+ echo '################'
+ echo Running container as ws with tomcat authn
+ echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_SELF_SIGNED_CERT=true -e GROUPER_APACHE_SERVER_NAME=https://a.b.c:443 -e GROUPER_WS_TOMCAT_AUTHN=true $imageName ws"
+ echo '################'
+ echo
+
+ docker run --detach --name $containerName --publish 443:443 -e GROUPER_SELF_SIGNED_CERT=true -e GROUPER_APACHE_SERVER_NAME=https://a.b.c:443 -e GROUPER_WS_TOMCAT_AUTHN=true $imageName ws
+ sleep $globalSleepSecondsAfterRun
+
+ assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libWs/axis2-kernel-1.6.4.jar
+ assertFileExists /opt/grouper/grouperWebapp/WEB-INF/lib/axis2-kernel-1.6.4.jar
+ assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libScim/stax-api-1.0-2.jar
+ assertFileNotExists /opt/grouper/grouperWebapp/WEB-INF/lib/stax-api-1.0-2.jar
+ assertFileNotExists "/opt/grouper/grouperWebapp/WEB-INF/lib/grouper-messaging-activemq-$grouperVersion.jar"
+ assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/libUiAndDaemon/grouper-messaging-activemq-$grouperVersion.jar"
+
+ assertFileContains /opt/grouper/grouperWebapp/WEB-INF/web.xml "<auth-method>BASIC</auth-method>"
+ assertFileContains /opt/tomee/conf/server.xml 'tomcatAuthentication="true"'
+ assertFileNotContains /opt/tomee/conf/server.xml 'tomcatAuthentication="false"'
+
+ assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "Listen 443 https"
+ assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "__"
+ assertFileContains /etc/httpd/conf/httpd.conf "Listen 80"
+ assertFileNotContains /opt/tier-support/supervisord.conf "program:shibbolethsp"
+ assertFileContains /opt/tier-support/supervisord.conf "program:tomee"
+ assertFileContains /opt/tier-support/supervisord.conf "program:httpd"
+ assertFileNotContains /opt/tier-support/supervisord.conf "user=shibd"
+ assertFileNotContains /opt/tier-support/supervisord.conf "__"
+ assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf cachain.pem
+ assertFileContains /etc/httpd/conf.d/ssl-enabled.conf /etc/pki/tls/certs/localhost.crt
+
+ assertFileContains /opt/tomee/conf/Catalina/localhost/grouper-ws.xml 'cookies="false"'
+ assertFileContains /opt/tomee/conf/web.xml "<session-timeout>1</session-timeout>"
+
+ assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml "grouper-ws;"
+
+ assertFileContains /etc/httpd/conf.d/grouper-www.conf "3600"
+ assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "__"
+
+ assertFileContains /etc/httpd/conf.d/grouper-www.conf "ServerName https://a.b.c:443"
+ assertFileContains /etc/httpd/conf.d/grouper-www.conf "UseCanonicalName On"
+
+ assertEnvVar GROUPER_APACHE_SERVER_NAME https://a.b.c:443
+ assertEnvVar GROUPERSCIM_PROXY_PASS "#"
+ assertEnvVar GROUPERSCIM_URL_CONTEXT "grouper-ws-scim"
+ assertEnvVar GROUPERWS_PROXY_PASS ""
+ assertEnvVar GROUPERWS_URL_CONTEXT "grouper-ws"
+ assertEnvVar GROUPER_APACHE_AJP_TIMEOUT_SECONDS "3600"
+ assertEnvVar GROUPER_APACHE_NONSSL_PORT "80"
+ assertEnvVar GROUPER_APACHE_SSL_PORT "443"
+ assertEnvVar GROUPER_CHOWN_DIRS "true"
+ assertEnvVar GROUPER_CONTAINER_VERSION "$containerVersion"
+ assertEnvVar GROUPER_DAEMON "false"
+ assertEnvVar GROUPER_GSH_CHECK_USER "true"
+ assertEnvVar GROUPER_GSH_USER "tomcat"
+ assertEnvVar GROUPER_HOME "/opt/grouper/grouperWebapp/WEB-INF"
+ assertEnvVar GROUPER_LOG_PREFIX "grouper-ws"
+ assertEnvVar GROUPER_MAX_MEMORY "1500m"
+ assertEnvVar GROUPER_PROXY_PASS "#"
+ assertEnvVar GROUPER_RUN_APACHE "true"
+ assertEnvVar GROUPER_RUN_PROCESSES_AS_USERS "true"
+ assertEnvVarNot GROUPER_RUN_SHIB_SP "true"
+ assertEnvVar GROUPER_RUN_TOMEE "true"
+ assertEnvVar GROUPER_SCIM "false"
+ assertEnvVar GROUPER_SCIM_GROUPER_AUTH "false"
+ assertEnvVar GROUPER_TOMCAT_CONTEXT "grouper-ws"
+ assertEnvVar GROUPER_UI "false"
+ assertEnvVar GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES "127.0.0.1/32"
+ assertEnvVar GROUPER_UI_GROUPER_AUTH "false"
+ assertEnvVarNot GROUPER_UI_ONLY "true"
+ assertEnvVar GROUPER_URL_CONTEXT "grouper"
+ assertEnvVar GROUPER_USE_SSL "true"
+ assertEnvVar GROUPER_WS "true"
+ assertEnvVar GROUPER_WS_GROUPER_AUTH "false"
+ assertEnvVar GROUPER_WS_ONLY "true"
+
+ assertNumberOfTomcatProcesses 1
+ assertNumberOfApacheProcesses 5
+ assertNumberOfShibProcesses 0
+
+ assertListeningOnPort 443
+ assertListeningOnPort 80
+ assertListeningOnPort 8009
+ assertNotListeningOnPort 9001
+
+}
+export -f testContainerWsAuthn
diff --git a/container_files/tier-support/test/rebuildTestContainer.sh b/container_files/tier-support/test/rebuildTestContainer.sh
new file mode 100644
index 00000000..01c548b1
--- /dev/null
+++ b/container_files/tier-support/test/rebuildTestContainer.sh
@@ -0,0 +1,36 @@
+#/bin/bash
+
+if [ "$#" -ne 3 ]; then
+ echo "You must enter exactly 3 command line arguments: grouper base image name, grouper base container version, grouper_container_git_base_dir"
+ echo "rebuildTestContainer.sh i2incommon/grouper:2.5.35 2.5.35 /mnt/c/git/grouper_container"
+ exit 1
+fi
+
+export grouperBaseImageName=$1
+export grouperBaseContainerVersion=$2
+export grouperContainerGitPath=$3
+export subimageName=my-grouper-$2
+
+export reldir=`dirname $0`
+cd $reldir
+
+# /mnt/c/mchyzer/git/grouper_container
+mkdir -p slashRoot/usr/local/bin
+rsync -avzpl $grouperContainerGitPath/container_files/usr-local-bin/* slashRoot/usr/local/bin
+
+mkdir -p slashRoot/etc/httpd/conf.d
+rsync -avzpl $grouperContainerGitPath/container_files/httpd/* slashRoot/etc/httpd/conf.d
+
+mkdir -p slashRoot/opt/tier-support/originalFiles
+rsync -avzpl $grouperContainerGitPath/container_files/httpd/ssl-enabled.conf slashRoot/opt/tier-support/originalFiles
+
+rsync -avzpl $grouperContainerGitPath/container_files/tier-support/test/grouper*.sh $reldir
+
+#mkdir -p slashRoot/opt/tomee/conf
+#rsync -avzpl $grouperContainerGitPath/container_files/tomee/conf/* slashRoot/opt/tomee/conf/
+
+sed -i "s|__BASE_CONTAINER__|$grouperBaseImageName|g" "testContainer.Dockerfile"
+
+docker build -f testContainer.Dockerfile -t $subimageName --build-arg GROUPER_VERSION=$grouperBaseContainerVersion $reldir
+
+echo "Run tests with: ./grouperContainerUnitTest.sh grouper-test $subimageName:latest $grouperBaseContainerVersion $grouperBaseContainerVersion"
\ No newline at end of file
diff --git a/container_files/tier-support/test/testContainer.Dockerfile b/container_files/tier-support/test/testContainer.Dockerfile
new file mode 100644
index 00000000..27001cff
--- /dev/null
+++ b/container_files/tier-support/test/testContainer.Dockerfile
@@ -0,0 +1,11 @@
+# this matches the version you decided on from release notes
+ARG GROUPER_VERSION=2.5.XX
+
+# --build-arg GROUPER_VERSION=${VARIABLE_NAME} i2incommon/grouper:${GROUPER_VERSION}
+FROM i2incommon/grouper:2.5.XX
+
+# this will overlay all the files from /opt/grouperContainer/slashRoot on to /
+COPY slashRoot /
+
+RUN chown -R tomcat:root /opt/grouper \
+ && chown -R tomcat:root /opt/tomee
\ No newline at end of file
diff --git a/container_files/tier-support/web.wsTomcatAuthn.xml b/container_files/tier-support/web.wsTomcatAuthn.xml
new file mode 100644
index 00000000..0062ba9e
--- /dev/null
+++ b/container_files/tier-support/web.wsTomcatAuthn.xml
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns:j2ee="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
+ version="2.4">
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Web services</web-resource-name>
+ <url-pattern>/services/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>grouper_user</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Web services</web-resource-name>
+ <url-pattern>/servicesRest/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <!-- NOTE: This role is not present in the default users file -->
+ <role-name>grouper_user</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <!-- Define the Login Configuration for this Application -->
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>Grouper Application</realm-name>
+ </login-config>
+
+ <!-- Security roles referenced by this web application -->
+ <security-role>
+ <description>
+ The role that is required to log in to web service
+ </description>
+ <role-name>grouper_user</role-name>
+ </security-role>
+
+</web-app>
\ No newline at end of file
diff --git a/container_files/tomcat/bin/setenv.sh b/container_files/tomcat/bin/setenv.sh
deleted file mode 100755
index c6130b5c..00000000
--- a/container_files/tomcat/bin/setenv.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-CLASSPATH=/opt/tomcat/bin/*
-JAVA_OPTS="-Dlog4j.configurationFile=/opt/tomcat/conf/log4j2.xml -DENV=$ENV -DUSERTOKEN=$USERTOKEN"
-LOGGING_MANAGER=-Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager
\ No newline at end of file
diff --git a/container_files/tomcat/conf/log4j2.xml b/container_files/tomcat/conf/log4j2.xml
deleted file mode 100644
index 673de68c..00000000
--- a/container_files/tomcat/conf/log4j2.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Configuration status="info">
- <Properties>
- <Property name="layout">%d [%t] %-5p %c- %m%n</Property>
- </Properties>
- <Appenders>
- <File name="CATALINA"
- fileName="/tmp/logpipe">
- <PatternLayout pattern="tomcat;catalina.out;${env:ENV};${env:USERTOKEN};${layout}"/>
- </File>
- <File name="LOCALHOST"
- fileName="/tmp/logpipe">
- <PatternLayout pattern="tomcat;localhost.log;${env:ENV};${env:USERTOKEN};${layout}"/>
- </File>
-
- </Appenders>
- <Loggers>
- <Root level="info">
- <AppenderRef ref="CATALINA"/>
- </Root>
- <Logger name="org.apache.catalina.core.ContainerBase.[Catalina].[localhost]"
- level="info" additivity="false">
- <AppenderRef ref="LOCALHOST"/>
- </Logger>
- </Loggers>
-</Configuration>
\ No newline at end of file
diff --git a/container_files/tomcat/conf/tomcat-users.xml b/container_files/tomcat/conf/tomcat-users.xml
deleted file mode 100644
index cef36cd4..00000000
--- a/container_files/tomcat/conf/tomcat-users.xml
+++ /dev/null
@@ -1,46 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<tomcat-users xmlns="http://tomcat.apache.org/xml"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
- version="1.0">
-<role rolename="grouper_user"/>
-<!--<user username="GrouperSystem" password="XXXXXXXXXX" roles="grouper_user"/> -->
-<!--
- NOTE: By default, no user is included in the "manager-gui" role required
- to operate the "/manager/html" web application. If you wish to use this app,
- you must define such a user - the username and password are arbitrary. It is
- strongly recommended that you do NOT use one of the users in the commented out
- section below since they are intended for use with the examples web
- application.
--->
-<!--
- NOTE: The sample user and role entries below are intended for use with the
- examples web application. They are wrapped in a comment and thus are ignored
- when reading this file. If you wish to configure these users for use with the
- examples web application, do not forget to remove the <!.. ..> that surrounds
- them. You will also need to set the passwords to something appropriate.
--->
-<!--
- <role rolename="tomcat"/>
- <role rolename="role1"/>
- <user username="tomcat" password="<must-be-changed>" roles="tomcat"/>
- <user username="both" password="<must-be-changed>" roles="tomcat,role1"/>
- <user username="role1" password="<must-be-changed>" roles="role1"/>
--->
-</tomcat-users>
\ No newline at end of file
diff --git a/container_files/tomee/bin/setenv.sh b/container_files/tomee/bin/setenv.sh
index 2387d613..bf08bddf 100755
--- a/container_files/tomee/bin/setenv.sh
+++ b/container_files/tomee/bin/setenv.sh
@@ -1,3 +1,4 @@
CLASSPATH=/opt/tomee/bin/*
-JAVA_OPTS="-Dlog4j.configurationFile=/opt/tomee/conf/log4j2.xml -DENV=$ENV -DUSERTOKEN=$USERTOKEN"
-LOGGING_MANAGER=-Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager
\ No newline at end of file
+#JAVA_OPTS="-Dlog4j.configurationFile=/opt/tomee/conf/log4j2.xml -DENV=$ENV -DUSERTOKEN=$USERTOKEN"
+CATALINA_OPTS="-Xmx$GROUPER_MAX_MEMORY -XX:+UseG1GC -XX:+UseStringDeduplication -Dlog4j.configurationFile=/opt/tomee/conf/log4j2.xml -DENV='$ENV' -DUSERTOKEN='$USERTOKEN' -Dfile.encoding=UTF-8 -Djavax.net.ssl.trustStore=/etc/pki/java/cacerts $GROUPER_EXTRA_CATALINA_OPTS"
+LOGGING_MANAGER=-Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager
diff --git a/container_files/tomee/conf/Catalina/localhost/grouper.xml b/container_files/tomee/conf/Catalina/localhost/grouper.xml
new file mode 100644
index 00000000..66652991
--- /dev/null
+++ b/container_files/tomee/conf/Catalina/localhost/grouper.xml
@@ -0,0 +1,3 @@
+<Context docBase="/opt/grouper/grouperWebapp/" path="/__GROUPER_TOMCAT_CONTEXT__" reloadable="false" cookies="__GROUPER_CONTEXT_COOKIES__" >
+ <Resources allowLinking="true" />
+</Context>
diff --git a/container_files/tomee/conf/log4j2.xml b/container_files/tomee/conf/log4j2.xml
deleted file mode 100644
index a4bbc1b5..00000000
--- a/container_files/tomee/conf/log4j2.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Configuration status="info">
- <Properties>
- <Property name="layout">%d [%t] %-5p %c- %m%n</Property>
- </Properties>
- <Appenders>
- <File name="CATALINA"
- fileName="/tmp/logpipe">
- <PatternLayout pattern="tomee;catalina.out;${env:ENV};${env:USERTOKEN};${layout}"/>
- </File>
- <File name="LOCALHOST"
- fileName="/tmp/logpipe">
- <PatternLayout pattern="tomee;localhost.log;${env:ENV};${env:USERTOKEN};${layout}"/>
- </File>
-
- </Appenders>
- <Loggers>
- <Root level="info">
- <AppenderRef ref="CATALINA"/>
- </Root>
- <Logger name="org.apache.catalina.core.ContainerBase.[Catalina].[localhost]"
- level="info" additivity="false">
- <AppenderRef ref="LOCALHOST"/>
- </Logger>
- </Loggers>
-</Configuration>
\ No newline at end of file
diff --git a/container_files/tomee/conf/server.xml.loggingpipe b/container_files/tomee/conf/server.xml.loggingpipe
new file mode 100644
index 00000000..c14bc65f
--- /dev/null
+++ b/container_files/tomee/conf/server.xml.loggingpipe
@@ -0,0 +1,169 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!-- Note: A "Server" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" at this level.
+ Documentation at /docs/config/server.html
+ -->
+<Server port="8005" shutdown="SHUTDOWN">
+ <!-- TomEE plugin for Tomcat -->
+ <Listener className="org.apache.tomee.catalina.ServerListener" />
+ <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
+ <!-- Security listener. Documentation at /docs/config/listeners.html
+ <Listener className="org.apache.catalina.security.SecurityListener" />
+ -->
+ <!--APR library loader. Documentation at /docs/apr.html -->
+ <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
+ <!-- Prevent memory leaks due to use of particular java/javax APIs-->
+ <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
+ <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
+ <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
+
+ <!-- Global JNDI resources
+ Documentation at /docs/jndi-resources-howto.html
+ -->
+ <GlobalNamingResources>
+ <!-- Editable user database that can also be used by
+ UserDatabaseRealm to authenticate users
+ -->
+ <Resource name="UserDatabase" auth="Container"
+ type="org.apache.catalina.UserDatabase"
+ description="User database that can be updated and saved"
+ factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
+ pathname="conf/tomcat-users.xml" />
+ </GlobalNamingResources>
+
+ <!-- A "Service" is a collection of one or more "Connectors" that share
+ a single "Container" Note: A "Service" is not itself a "Container",
+ so you may not define subcomponents such as "Valves" at this level.
+ Documentation at /docs/config/service.html
+ -->
+ <Service name="Catalina">
+
+ <!--The connectors can use a shared executor, you can define one or more named thread pools-->
+ <!--
+ <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
+ maxThreads="150" minSpareThreads="4"/>
+ -->
+
+
+ <!-- A "Connector" represents an endpoint by which requests are received
+ and responses are returned. Documentation at :
+ Java HTTP Connector: /docs/config/http.html
+ Java AJP Connector: /docs/config/ajp.html
+ APR (HTTP/AJP) Connector: /docs/apr.html
+ Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
+ -->
+ <Connector port="8080" protocol="HTTP/1.1"
+ connectionTimeout="20000"
+ redirectPort="8443" xpoweredBy="false" server="Apache TomEE" />
+ <!-- A "Connector" using the shared thread pool-->
+ <!--
+ <Connector executor="tomcatThreadPool"
+ port="8080" protocol="HTTP/1.1"
+ connectionTimeout="20000"
+ redirectPort="8443" />
+ -->
+ <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443
+ This connector uses the NIO implementation. The default
+ SSLImplementation will depend on the presence of the APR/native
+ library and the useOpenSSL attribute of the
+ AprLifecycleListener.
+ Either JSSE or OpenSSL style configuration may be used regardless of
+ the SSLImplementation selected. JSSE style configuration is used below.
+ -->
+ <!--
+ <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
+ maxThreads="150" SSLEnabled="true">
+ <SSLHostConfig>
+ <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
+ type="RSA" xpoweredBy="false" server="Apache TomEE" />
+ </SSLHostConfig>
+ </Connector>
+ -->
+ <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
+ This connector uses the APR/native implementation which always uses
+ OpenSSL for TLS.
+ Either JSSE or OpenSSL style configuration may be used. OpenSSL style
+ configuration is used below.
+ -->
+ <!--
+ <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
+ maxThreads="150" SSLEnabled="true" >
+ <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" xpoweredBy="false" server="Apache TomEE" />
+ <SSLHostConfig>
+ <Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
+ certificateFile="conf/localhost-rsa-cert.pem"
+ certificateChainFile="conf/localhost-rsa-chain.pem"
+ type="RSA" />
+ </SSLHostConfig>
+ </Connector>
+ -->
+
+ <!-- Define an AJP 1.3 Connector on port 8009 -->
+ <Connector secretRequired="false" secure="true" scheme="https" URIEncoding="UTF-8" tomcatAuthentication="false" port="8009" protocol="AJP/1.3" redirectPort="8443" />
+
+
+ <!-- An Engine represents the entry point (within Catalina) that processes
+ every request. The Engine implementation for Tomcat stand alone
+ analyzes the HTTP headers included with the request, and passes them
+ on to the appropriate Host (virtual host).
+ Documentation at /docs/config/engine.html -->
+
+ <!-- You should set jvmRoute to support load-balancing via AJP ie :
+ <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
+ -->
+ <Engine name="Catalina" defaultHost="localhost">
+
+ <!--For clustering, please take a look at documentation at:
+ /docs/cluster-howto.html (simple how to)
+ /docs/config/cluster.html (reference documentation) -->
+ <!--
+ <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
+ -->
+
+ <!-- Use the LockOutRealm to prevent attempts to guess user passwords
+ via a brute-force attack -->
+ <Realm className="org.apache.catalina.realm.LockOutRealm">
+ <!-- This Realm uses the UserDatabase configured in the global JNDI
+ resources under the key "UserDatabase". Any edits
+ that are performed against this UserDatabase are immediately
+ available for use by the Realm. -->
+ <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
+ resourceName="UserDatabase"/>
+ </Realm>
+
+ <Host name="localhost" appBase="webapps"
+ unpackWARs="true" autoDeploy="true">
+
+ <!-- SingleSignOn valve, share authentication between web applications
+ Documentation at: /docs/config/valve.html -->
+ <!--
+ <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
+ -->
+
+ <!-- Access log processes all example.
+ Documentation at: /docs/config/valve.html
+ Note: The pattern used is equivalent to using pattern="common" -->
+ <Valve className="org.apache.catalina.valves.AccessLogValve" directory="/tmp"
+ prefix="tomcat_access_log"
+ rotatable="false" pattern="%h %l %u %t "%r" %s %b" />
+
+ </Host>
+ </Engine>
+ </Service>
+</Server>
diff --git a/container_files/tomee/conf/server.xml.loggingpipe.patch b/container_files/tomee/conf/server.xml.loggingpipe.patch
new file mode 100644
index 00000000..4b5838bf
--- /dev/null
+++ b/container_files/tomee/conf/server.xml.loggingpipe.patch
@@ -0,0 +1,15 @@
+--- server.xml.turnOnAjp 2020-07-21 22:01:04.000000000 -0400
++++ server.xml.loggingpipe 2020-07-21 21:59:08.000000000 -0400
+@@ -159,9 +159,9 @@
+ <!-- Access log processes all example.
+ Documentation at: /docs/config/valve.html
+ Note: The pattern used is equivalent to using pattern="common" -->
+- <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
+- prefix="localhost_access_log" suffix=".txt"
+- pattern="%h %l %u %t "%r" %s %b" />
++ <Valve className="org.apache.catalina.valves.AccessLogValve" directory="/tmp"
++ prefix="tomcat_access_log"
++ rotatable="false" pattern="%h %l %u %t "%r" %s %b" />
+
+ </Host>
+ </Engine>
diff --git a/container_files/tomee/conf/server.xml.nologging b/container_files/tomee/conf/server.xml.nologging
new file mode 100644
index 00000000..03c762e1
--- /dev/null
+++ b/container_files/tomee/conf/server.xml.nologging
@@ -0,0 +1,169 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!-- Note: A "Server" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" at this level.
+ Documentation at /docs/config/server.html
+ -->
+<Server port="8005" shutdown="SHUTDOWN">
+ <!-- TomEE plugin for Tomcat -->
+ <Listener className="org.apache.tomee.catalina.ServerListener" />
+ <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
+ <!-- Security listener. Documentation at /docs/config/listeners.html
+ <Listener className="org.apache.catalina.security.SecurityListener" />
+ -->
+ <!--APR library loader. Documentation at /docs/apr.html -->
+ <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
+ <!-- Prevent memory leaks due to use of particular java/javax APIs-->
+ <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
+ <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
+ <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
+
+ <!-- Global JNDI resources
+ Documentation at /docs/jndi-resources-howto.html
+ -->
+ <GlobalNamingResources>
+ <!-- Editable user database that can also be used by
+ UserDatabaseRealm to authenticate users
+ -->
+ <Resource name="UserDatabase" auth="Container"
+ type="org.apache.catalina.UserDatabase"
+ description="User database that can be updated and saved"
+ factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
+ pathname="conf/tomcat-users.xml" />
+ </GlobalNamingResources>
+
+ <!-- A "Service" is a collection of one or more "Connectors" that share
+ a single "Container" Note: A "Service" is not itself a "Container",
+ so you may not define subcomponents such as "Valves" at this level.
+ Documentation at /docs/config/service.html
+ -->
+ <Service name="Catalina">
+
+ <!--The connectors can use a shared executor, you can define one or more named thread pools-->
+ <!--
+ <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
+ maxThreads="150" minSpareThreads="4"/>
+ -->
+
+
+ <!-- A "Connector" represents an endpoint by which requests are received
+ and responses are returned. Documentation at :
+ Java HTTP Connector: /docs/config/http.html
+ Java AJP Connector: /docs/config/ajp.html
+ APR (HTTP/AJP) Connector: /docs/apr.html
+ Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
+ -->
+ <Connector port="8080" protocol="HTTP/1.1"
+ connectionTimeout="20000"
+ redirectPort="8443" xpoweredBy="false" server="Apache TomEE" />
+ <!-- A "Connector" using the shared thread pool-->
+ <!--
+ <Connector executor="tomcatThreadPool"
+ port="8080" protocol="HTTP/1.1"
+ connectionTimeout="20000"
+ redirectPort="8443" />
+ -->
+ <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443
+ This connector uses the NIO implementation. The default
+ SSLImplementation will depend on the presence of the APR/native
+ library and the useOpenSSL attribute of the
+ AprLifecycleListener.
+ Either JSSE or OpenSSL style configuration may be used regardless of
+ the SSLImplementation selected. JSSE style configuration is used below.
+ -->
+ <!--
+ <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
+ maxThreads="150" SSLEnabled="true">
+ <SSLHostConfig>
+ <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
+ type="RSA" xpoweredBy="false" server="Apache TomEE" />
+ </SSLHostConfig>
+ </Connector>
+ -->
+ <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
+ This connector uses the APR/native implementation which always uses
+ OpenSSL for TLS.
+ Either JSSE or OpenSSL style configuration may be used. OpenSSL style
+ configuration is used below.
+ -->
+ <!--
+ <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
+ maxThreads="150" SSLEnabled="true" >
+ <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" xpoweredBy="false" server="Apache TomEE" />
+ <SSLHostConfig>
+ <Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
+ certificateFile="conf/localhost-rsa-cert.pem"
+ certificateChainFile="conf/localhost-rsa-chain.pem"
+ type="RSA" />
+ </SSLHostConfig>
+ </Connector>
+ -->
+
+ <!-- Define an AJP 1.3 Connector on port 8009 -->
+ <Connector secretRequired="false" secure="true" scheme="https" URIEncoding="UTF-8" tomcatAuthentication="false" port="8009" protocol="AJP/1.3" redirectPort="8443" />
+
+
+ <!-- An Engine represents the entry point (within Catalina) that processes
+ every request. The Engine implementation for Tomcat stand alone
+ analyzes the HTTP headers included with the request, and passes them
+ on to the appropriate Host (virtual host).
+ Documentation at /docs/config/engine.html -->
+
+ <!-- You should set jvmRoute to support load-balancing via AJP ie :
+ <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
+ -->
+ <Engine name="Catalina" defaultHost="localhost">
+
+ <!--For clustering, please take a look at documentation at:
+ /docs/cluster-howto.html (simple how to)
+ /docs/config/cluster.html (reference documentation) -->
+ <!--
+ <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
+ -->
+
+ <!-- Use the LockOutRealm to prevent attempts to guess user passwords
+ via a brute-force attack -->
+ <Realm className="org.apache.catalina.realm.LockOutRealm">
+ <!-- This Realm uses the UserDatabase configured in the global JNDI
+ resources under the key "UserDatabase". Any edits
+ that are performed against this UserDatabase are immediately
+ available for use by the Realm. -->
+ <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
+ resourceName="UserDatabase"/>
+ </Realm>
+
+ <Host name="localhost" appBase="webapps"
+ unpackWARs="true" autoDeploy="true">
+
+ <!-- SingleSignOn valve, share authentication between web applications
+ Documentation at: /docs/config/valve.html -->
+ <!--
+ <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
+ -->
+
+ <!-- Access log processes all example.
+ Documentation at: /docs/config/valve.html
+ Note: The pattern used is equivalent to using pattern="common" -->
+
+
+
+
+ </Host>
+ </Engine>
+ </Service>
+</Server>
diff --git a/container_files/tomee/conf/server.xml.nologging.patch b/container_files/tomee/conf/server.xml.nologging.patch
new file mode 100644
index 00000000..bf5bdde2
--- /dev/null
+++ b/container_files/tomee/conf/server.xml.nologging.patch
@@ -0,0 +1,15 @@
+--- server.xml.turnOnAjp 2020-07-21 22:01:04.000000000 -0400
++++ server.xml.nologging 2020-07-21 21:59:26.000000000 -0400
+@@ -159,9 +159,9 @@
+ <!-- Access log processes all example.
+ Documentation at: /docs/config/valve.html
+ Note: The pattern used is equivalent to using pattern="common" -->
+- <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
+- prefix="localhost_access_log" suffix=".txt"
+- pattern="%h %l %u %t "%r" %s %b" />
++
++
++
+
+ </Host>
+ </Engine>
diff --git a/container_files/tomcat/conf/server.xml b/container_files/tomee/conf/server.xml.original
similarity index 90%
rename from container_files/tomcat/conf/server.xml
rename to container_files/tomee/conf/server.xml.original
index 9610fc7d..5e5765f0 100644
--- a/container_files/tomcat/conf/server.xml
+++ b/container_files/tomee/conf/server.xml.original
@@ -1,173 +1,173 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<!-- Note: A "Server" is not itself a "Container", so you may not
- define subcomponents such as "Valves" at this level.
- Documentation at /docs/config/server.html
- -->
-<Server port="8005" shutdown="SHUTDOWN">
- <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
- <!-- Security listener. Documentation at /docs/config/listeners.html
- <Listener className="org.apache.catalina.security.SecurityListener" />
- -->
- <!--APR library loader. Documentation at /docs/apr.html -->
- <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
- <!-- Prevent memory leaks due to use of particular java/javax APIs-->
- <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
- <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
- <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
-
- <!-- Global JNDI resources
- Documentation at /docs/jndi-resources-howto.html
- -->
- <GlobalNamingResources>
- <!-- Editable user database that can also be used by
- UserDatabaseRealm to authenticate users
- -->
-<!--
- <Resource name="UserDatabase" auth="Container"
- type="org.apache.catalina.UserDatabase"
- description="User database that can be updated and saved"
- factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
- pathname="conf/tomcat-users.xml" />
--->
- </GlobalNamingResources>
-
- <!-- A "Service" is a collection of one or more "Connectors" that share
- a single "Container" Note: A "Service" is not itself a "Container",
- so you may not define subcomponents such as "Valves" at this level.
- Documentation at /docs/config/service.html
- -->
- <Service name="Catalina">
-
- <!--The connectors can use a shared executor, you can define one or more named thread pools-->
- <!--
- <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
- maxThreads="150" minSpareThreads="4"/>
- -->
-
-
- <!-- A "Connector" represents an endpoint by which requests are received
- and responses are returned. Documentation at :
- Java HTTP Connector: /docs/config/http.html
- Java AJP Connector: /docs/config/ajp.html
- APR (HTTP/AJP) Connector: /docs/apr.html
- Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
- -->
- <Connector port="8080" protocol="HTTP/1.1" URIEncoding="UTF-8"
- connectionTimeout="20000"
- redirectPort="8443" />
- <!-- A "Connector" using the shared thread pool-->
- <!--
- <Connector executor="tomcatThreadPool"
- port="8080" protocol="HTTP/1.1"
- connectionTimeout="20000"
- redirectPort="8443" />
- -->
- <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
- This connector uses the NIO implementation. The default
- SSLImplementation will depend on the presence of the APR/native
- library and the useOpenSSL attribute of the
- AprLifecycleListener.
- Either JSSE or OpenSSL style configuration may be used regardless of
- the SSLImplementation selected. JSSE style configuration is used below.
- -->
- <!--
- <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
- maxThreads="150" SSLEnabled="true">
- <SSLHostConfig>
- <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
- type="RSA" />
- </SSLHostConfig>
- </Connector>
- -->
- <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
- This connector uses the APR/native implementation which always uses
- OpenSSL for TLS.
- Either JSSE or OpenSSL style configuration may be used. OpenSSL style
- configuration is used below.
- -->
- <!--
- <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
- maxThreads="150" SSLEnabled="true" >
- <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
- <SSLHostConfig>
- <Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
- certificateFile="conf/localhost-rsa-cert.pem"
- certificateChainFile="conf/localhost-rsa-chain.pem"
- type="RSA" />
- </SSLHostConfig>
- </Connector>
- -->
-
- <!-- Define an AJP 1.3 Connector on port 8009 -->
- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" tomcatAuthentication="false" URIEncoding="UTF-8" />
-
-
- <!-- An Engine represents the entry point (within Catalina) that processes
- every request. The Engine implementation for Tomcat stand alone
- analyzes the HTTP headers included with the request, and passes them
- on to the appropriate Host (virtual host).
- Documentation at /docs/config/engine.html -->
-
- <!-- You should set jvmRoute to support load-balancing via AJP ie :
- <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
- -->
- <Engine name="Catalina" defaultHost="localhost">
-
- <!--For clustering, please take a look at documentation at:
- /docs/cluster-howto.html (simple how to)
- /docs/config/cluster.html (reference documentation) -->
- <!--
- <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
- -->
-
- <!-- Use the LockOutRealm to prevent attempts to guess user passwords
- via a brute-force attack -->
- <Realm className="org.apache.catalina.realm.LockOutRealm">
- <!-- This Realm uses the UserDatabase configured in the global JNDI
- resources under the key "UserDatabase". Any edits
- that are performed against this UserDatabase are immediately
- available for use by the Realm. -->
-<!--
- <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
- resourceName="UserDatabase"/>
--->
- </Realm>
-
- <Host name="localhost" appBase="webapps"
- unpackWARs="true" autoDeploy="true">
-
- <!-- SingleSignOn valve, share authentication between web applications
- Documentation at: /docs/config/valve.html -->
- <!--
- <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
- -->
-
- <!-- Access log processes all example.
- Documentation at: /docs/config/valve.html
- Note: The pattern used is equivalent to using pattern="common" -->
- <!-- Managing through Apache HTTPD Server config
- <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
- prefix="localhost_access_log" suffix=".txt"
- pattern="%h %l %u %t "%r" %s %b" />
- -->
-
- </Host>
- </Engine>
- </Service>
-</Server>
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!-- Note: A "Server" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" at this level.
+ Documentation at /docs/config/server.html
+ -->
+<Server port="8005" shutdown="SHUTDOWN">
+ <!-- TomEE plugin for Tomcat -->
+ <Listener className="org.apache.tomee.catalina.ServerListener" />
+ <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
+ <!-- Security listener. Documentation at /docs/config/listeners.html
+ <Listener className="org.apache.catalina.security.SecurityListener" />
+ -->
+ <!--APR library loader. Documentation at /docs/apr.html -->
+ <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
+ <!-- Prevent memory leaks due to use of particular java/javax APIs-->
+ <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
+ <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
+ <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
+
+ <!-- Global JNDI resources
+ Documentation at /docs/jndi-resources-howto.html
+ -->
+ <GlobalNamingResources>
+ <!-- Editable user database that can also be used by
+ UserDatabaseRealm to authenticate users
+ -->
+ <Resource name="UserDatabase" auth="Container"
+ type="org.apache.catalina.UserDatabase"
+ description="User database that can be updated and saved"
+ factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
+ pathname="conf/tomcat-users.xml" />
+ </GlobalNamingResources>
+
+ <!-- A "Service" is a collection of one or more "Connectors" that share
+ a single "Container" Note: A "Service" is not itself a "Container",
+ so you may not define subcomponents such as "Valves" at this level.
+ Documentation at /docs/config/service.html
+ -->
+ <Service name="Catalina">
+
+ <!--The connectors can use a shared executor, you can define one or more named thread pools-->
+ <!--
+ <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
+ maxThreads="150" minSpareThreads="4"/>
+ -->
+
+
+ <!-- A "Connector" represents an endpoint by which requests are received
+ and responses are returned. Documentation at :
+ Java HTTP Connector: /docs/config/http.html
+ Java AJP Connector: /docs/config/ajp.html
+ APR (HTTP/AJP) Connector: /docs/apr.html
+ Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
+ -->
+ <Connector port="8080" protocol="HTTP/1.1"
+ connectionTimeout="20000"
+ redirectPort="8443" xpoweredBy="false" server="Apache TomEE" />
+ <!-- A "Connector" using the shared thread pool-->
+ <!--
+ <Connector executor="tomcatThreadPool"
+ port="8080" protocol="HTTP/1.1"
+ connectionTimeout="20000"
+ redirectPort="8443" />
+ -->
+ <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443
+ This connector uses the NIO implementation. The default
+ SSLImplementation will depend on the presence of the APR/native
+ library and the useOpenSSL attribute of the
+ AprLifecycleListener.
+ Either JSSE or OpenSSL style configuration may be used regardless of
+ the SSLImplementation selected. JSSE style configuration is used below.
+ -->
+ <!--
+ <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
+ maxThreads="150" SSLEnabled="true">
+ <SSLHostConfig>
+ <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
+ type="RSA" xpoweredBy="false" server="Apache TomEE" />
+ </SSLHostConfig>
+ </Connector>
+ -->
+ <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
+ This connector uses the APR/native implementation which always uses
+ OpenSSL for TLS.
+ Either JSSE or OpenSSL style configuration may be used. OpenSSL style
+ configuration is used below.
+ -->
+ <!--
+ <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
+ maxThreads="150" SSLEnabled="true" >
+ <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" xpoweredBy="false" server="Apache TomEE" />
+ <SSLHostConfig>
+ <Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
+ certificateFile="conf/localhost-rsa-cert.pem"
+ certificateChainFile="conf/localhost-rsa-chain.pem"
+ type="RSA" />
+ </SSLHostConfig>
+ </Connector>
+ -->
+
+ <!-- Define an AJP 1.3 Connector on port 8009 -->
+ <!--
+ <Connector protocol="AJP/1.3"
+ address="::1"
+ port="8009"
+ redirectPort="8443" />
+ -->
+
+ <!-- An Engine represents the entry point (within Catalina) that processes
+ every request. The Engine implementation for Tomcat stand alone
+ analyzes the HTTP headers included with the request, and passes them
+ on to the appropriate Host (virtual host).
+ Documentation at /docs/config/engine.html -->
+
+ <!-- You should set jvmRoute to support load-balancing via AJP ie :
+ <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
+ -->
+ <Engine name="Catalina" defaultHost="localhost">
+
+ <!--For clustering, please take a look at documentation at:
+ /docs/cluster-howto.html (simple how to)
+ /docs/config/cluster.html (reference documentation) -->
+ <!--
+ <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
+ -->
+
+ <!-- Use the LockOutRealm to prevent attempts to guess user passwords
+ via a brute-force attack -->
+ <Realm className="org.apache.catalina.realm.LockOutRealm">
+ <!-- This Realm uses the UserDatabase configured in the global JNDI
+ resources under the key "UserDatabase". Any edits
+ that are performed against this UserDatabase are immediately
+ available for use by the Realm. -->
+ <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
+ resourceName="UserDatabase"/>
+ </Realm>
+
+ <Host name="localhost" appBase="webapps"
+ unpackWARs="true" autoDeploy="true">
+
+ <!-- SingleSignOn valve, share authentication between web applications
+ Documentation at: /docs/config/valve.html -->
+ <!--
+ <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
+ -->
+
+ <!-- Access log processes all example.
+ Documentation at: /docs/config/valve.html
+ Note: The pattern used is equivalent to using pattern="common" -->
+ <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
+ prefix="localhost_access_log" suffix=".txt"
+ pattern="%h %l %u %t "%r" %s %b" />
+
+ </Host>
+ </Engine>
+ </Service>
+</Server>
diff --git a/container_files/tomee/conf/server.xml.turnOnAjp b/container_files/tomee/conf/server.xml.turnOnAjp
new file mode 100644
index 00000000..f9894ffb
--- /dev/null
+++ b/container_files/tomee/conf/server.xml.turnOnAjp
@@ -0,0 +1,169 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!-- Note: A "Server" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" at this level.
+ Documentation at /docs/config/server.html
+ -->
+<Server port="8005" shutdown="SHUTDOWN">
+ <!-- TomEE plugin for Tomcat -->
+ <Listener className="org.apache.tomee.catalina.ServerListener" />
+ <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
+ <!-- Security listener. Documentation at /docs/config/listeners.html
+ <Listener className="org.apache.catalina.security.SecurityListener" />
+ -->
+ <!--APR library loader. Documentation at /docs/apr.html -->
+ <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
+ <!-- Prevent memory leaks due to use of particular java/javax APIs-->
+ <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
+ <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
+ <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
+
+ <!-- Global JNDI resources
+ Documentation at /docs/jndi-resources-howto.html
+ -->
+ <GlobalNamingResources>
+ <!-- Editable user database that can also be used by
+ UserDatabaseRealm to authenticate users
+ -->
+ <Resource name="UserDatabase" auth="Container"
+ type="org.apache.catalina.UserDatabase"
+ description="User database that can be updated and saved"
+ factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
+ pathname="conf/tomcat-users.xml" />
+ </GlobalNamingResources>
+
+ <!-- A "Service" is a collection of one or more "Connectors" that share
+ a single "Container" Note: A "Service" is not itself a "Container",
+ so you may not define subcomponents such as "Valves" at this level.
+ Documentation at /docs/config/service.html
+ -->
+ <Service name="Catalina">
+
+ <!--The connectors can use a shared executor, you can define one or more named thread pools-->
+ <!--
+ <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
+ maxThreads="150" minSpareThreads="4"/>
+ -->
+
+
+ <!-- A "Connector" represents an endpoint by which requests are received
+ and responses are returned. Documentation at :
+ Java HTTP Connector: /docs/config/http.html
+ Java AJP Connector: /docs/config/ajp.html
+ APR (HTTP/AJP) Connector: /docs/apr.html
+ Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
+ -->
+ <Connector port="8080" protocol="HTTP/1.1"
+ connectionTimeout="20000"
+ redirectPort="8443" xpoweredBy="false" server="Apache TomEE" />
+ <!-- A "Connector" using the shared thread pool-->
+ <!--
+ <Connector executor="tomcatThreadPool"
+ port="8080" protocol="HTTP/1.1"
+ connectionTimeout="20000"
+ redirectPort="8443" />
+ -->
+ <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443
+ This connector uses the NIO implementation. The default
+ SSLImplementation will depend on the presence of the APR/native
+ library and the useOpenSSL attribute of the
+ AprLifecycleListener.
+ Either JSSE or OpenSSL style configuration may be used regardless of
+ the SSLImplementation selected. JSSE style configuration is used below.
+ -->
+ <!--
+ <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
+ maxThreads="150" SSLEnabled="true">
+ <SSLHostConfig>
+ <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
+ type="RSA" xpoweredBy="false" server="Apache TomEE" />
+ </SSLHostConfig>
+ </Connector>
+ -->
+ <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
+ This connector uses the APR/native implementation which always uses
+ OpenSSL for TLS.
+ Either JSSE or OpenSSL style configuration may be used. OpenSSL style
+ configuration is used below.
+ -->
+ <!--
+ <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
+ maxThreads="150" SSLEnabled="true" >
+ <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" xpoweredBy="false" server="Apache TomEE" />
+ <SSLHostConfig>
+ <Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
+ certificateFile="conf/localhost-rsa-cert.pem"
+ certificateChainFile="conf/localhost-rsa-chain.pem"
+ type="RSA" />
+ </SSLHostConfig>
+ </Connector>
+ -->
+
+ <!-- Define an AJP 1.3 Connector on port 8009 -->
+ <Connector secretRequired="false" secure="true" scheme="https" URIEncoding="UTF-8" tomcatAuthentication="false" port="8009" protocol="AJP/1.3" redirectPort="8443" />
+
+
+ <!-- An Engine represents the entry point (within Catalina) that processes
+ every request. The Engine implementation for Tomcat stand alone
+ analyzes the HTTP headers included with the request, and passes them
+ on to the appropriate Host (virtual host).
+ Documentation at /docs/config/engine.html -->
+
+ <!-- You should set jvmRoute to support load-balancing via AJP ie :
+ <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
+ -->
+ <Engine name="Catalina" defaultHost="localhost">
+
+ <!--For clustering, please take a look at documentation at:
+ /docs/cluster-howto.html (simple how to)
+ /docs/config/cluster.html (reference documentation) -->
+ <!--
+ <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
+ -->
+
+ <!-- Use the LockOutRealm to prevent attempts to guess user passwords
+ via a brute-force attack -->
+ <Realm className="org.apache.catalina.realm.LockOutRealm">
+ <!-- This Realm uses the UserDatabase configured in the global JNDI
+ resources under the key "UserDatabase". Any edits
+ that are performed against this UserDatabase are immediately
+ available for use by the Realm. -->
+ <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
+ resourceName="UserDatabase"/>
+ </Realm>
+
+ <Host name="localhost" appBase="webapps"
+ unpackWARs="true" autoDeploy="true">
+
+ <!-- SingleSignOn valve, share authentication between web applications
+ Documentation at: /docs/config/valve.html -->
+ <!--
+ <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
+ -->
+
+ <!-- Access log processes all example.
+ Documentation at: /docs/config/valve.html
+ Note: The pattern used is equivalent to using pattern="common" -->
+ <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
+ prefix="localhost_access_log" suffix=".txt"
+ pattern="%h %l %u %t "%r" %s %b" />
+
+ </Host>
+ </Engine>
+ </Service>
+</Server>
diff --git a/container_files/tomee/conf/server.xml.turnOnAjp.patch b/container_files/tomee/conf/server.xml.turnOnAjp.patch
new file mode 100644
index 00000000..0c9d5fdd
--- /dev/null
+++ b/container_files/tomee/conf/server.xml.turnOnAjp.patch
@@ -0,0 +1,17 @@
+--- server.xml.original 2020-07-21 17:57:58.000000000 -0400
++++ server.xml.turnOnAjp 2020-07-21 21:56:49.000000000 -0400
+@@ -115,12 +115,8 @@
+ -->
+
+ <!-- Define an AJP 1.3 Connector on port 8009 -->
+- <!--
+- <Connector protocol="AJP/1.3"
+- address="::1"
+- port="8009"
+- redirectPort="8443" />
+- -->
++ <Connector secretRequired="false" secure="true" scheme="https" URIEncoding="UTF-8" tomcatAuthentication="false" port="8009" protocol="AJP/1.3" redirectPort="8443" address="0.0.0.0" allowedRequestAttributesPattern=".*" />
++
+
+ <!-- An Engine represents the entry point (within Catalina) that processes
+ every request. The Engine implementation for Tomcat stand alone
diff --git a/container_files/tomee/conf/server.xml b/container_files/tomee/conf/server.xml.v2_5_29
similarity index 85%
rename from container_files/tomee/conf/server.xml
rename to container_files/tomee/conf/server.xml.v2_5_29
index e5c89967..4c803d8c 100644
--- a/container_files/tomee/conf/server.xml
+++ b/container_files/tomee/conf/server.xml.v2_5_29
@@ -1,164 +1,169 @@
-<?xml version='1.0' encoding='utf-8'?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<!-- Note: A "Server" is not itself a "Container", so you may not
- define subcomponents such as "Valves" at this level.
- Documentation at /docs/config/server.html
- -->
-<Server port="8005" shutdown="SHUTDOWN">
- <!-- TomEE plugin for Tomcat -->
- <Listener className="org.apache.tomee.catalina.ServerListener" />
- <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
- <!-- Security listener. Documentation at /docs/config/listeners.html
- <Listener className="org.apache.catalina.security.SecurityListener" />
- -->
- <!--APR library loader. Documentation at /docs/apr.html -->
- <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
- <!-- Prevent memory leaks due to use of particular java/javax APIs-->
- <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
- <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
- <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
-
- <!-- Global JNDI resources
- Documentation at /docs/jndi-resources-howto.html
- -->
- <GlobalNamingResources>
- <!-- Editable user database that can also be used by
- UserDatabaseRealm to authenticate users
- -->
- <Resource name="UserDatabase" auth="Container"
- type="org.apache.catalina.UserDatabase"
- description="User database that can be updated and saved"
- factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
- pathname="conf/tomcat-users.xml" />
- </GlobalNamingResources>
-
- <!-- A "Service" is a collection of one or more "Connectors" that share
- a single "Container" Note: A "Service" is not itself a "Container",
- so you may not define subcomponents such as "Valves" at this level.
- Documentation at /docs/config/service.html
- -->
- <Service name="Catalina">
-
- <!--The connectors can use a shared executor, you can define one or more named thread pools-->
- <!--
- <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
- maxThreads="150" minSpareThreads="4"/>
- -->
-
-
- <!-- A "Connector" represents an endpoint by which requests are received
- and responses are returned. Documentation at :
- Java HTTP Connector: /docs/config/http.html
- Java AJP Connector: /docs/config/ajp.html
- APR (HTTP/AJP) Connector: /docs/apr.html
- Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
- -->
- <Connector port="8080" protocol="HTTP/1.1" URIEncoding="UTF-8"
- connectionTimeout="20000"
- redirectPort="8443" xpoweredBy="false" server="Apache TomEE" />
- <!-- A "Connector" using the shared thread pool-->
- <!--
- <Connector executor="tomcatThreadPool"
- port="8080" protocol="HTTP/1.1"
- connectionTimeout="20000"
- redirectPort="8443" />
- -->
- <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
- This connector uses the NIO implementation with the JSSE engine. When
- using the JSSE engine, the JSSE configuration attributes must be used.
- -->
- <!--
- <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
- maxThreads="150" SSLEnabled="true">
- <SSLHostConfig>
- <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
- type="RSA" xpoweredBy="false" server="Apache TomEE" />
- </SSLHostConfig>
- </Connector>
- -->
- <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
- This connector uses the APR/native implementation. When using the
- APR/native implementation or the OpenSSL engine with NIO or NIO2 then
- the OpenSSL configuration attributes must be used.
- -->
- <!--
- <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
- maxThreads="150" SSLEnabled="true" >
- <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" xpoweredBy="false" server="Apache TomEE" />
- <SSLHostConfig>
- <Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
- certificateFile="conf/localhost-rsa-cert.pem"
- certificateChainFile="conf/localhost-rsa-chain.pem"
- type="RSA" />
- </SSLHostConfig>
- </Connector>
- -->
-
- <!-- Define an AJP 1.3 Connector on port 8009 -->
- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" URIEncoding="UTF-8" />
-
-
- <!-- An Engine represents the entry point (within Catalina) that processes
- every request. The Engine implementation for Tomcat stand alone
- analyzes the HTTP headers included with the request, and passes them
- on to the appropriate Host (virtual host).
- Documentation at /docs/config/engine.html -->
-
- <!-- You should set jvmRoute to support load-balancing via AJP ie :
- <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
- -->
- <Engine name="Catalina" defaultHost="localhost">
-
- <!--For clustering, please take a look at documentation at:
- /docs/cluster-howto.html (simple how to)
- /docs/config/cluster.html (reference documentation) -->
- <!--
- <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
- -->
-
- <!-- Use the LockOutRealm to prevent attempts to guess user passwords
- via a brute-force attack -->
- <Realm className="org.apache.catalina.realm.LockOutRealm">
- <!-- This Realm uses the UserDatabase configured in the global JNDI
- resources under the key "UserDatabase". Any edits
- that are performed against this UserDatabase are immediately
- available for use by the Realm. -->
- <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
- resourceName="UserDatabase"/>
- </Realm>
-
- <Host name="localhost" appBase="webapps"
- unpackWARs="true" autoDeploy="true">
-
- <!-- SingleSignOn valve, share authentication between web applications
- Documentation at: /docs/config/valve.html -->
- <!--
- <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
- -->
-
- <!-- Access log processes all example.
- Documentation at: /docs/config/valve.html
- Note: The pattern used is equivalent to using pattern="common" -->
- <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
- prefix="localhost_access_log" suffix=".txt"
- pattern="%h %l %u %t "%r" %s %b" />
-
- </Host>
- </Engine>
- </Service>
-</Server>
\ No newline at end of file
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!-- Note: A "Server" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" at this level.
+ Documentation at /docs/config/server.html
+ -->
+<Server port="8005" shutdown="SHUTDOWN">
+ <!-- TomEE plugin for Tomcat -->
+ <Listener className="org.apache.tomee.catalina.ServerListener" />
+ <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
+ <!-- Security listener. Documentation at /docs/config/listeners.html
+ <Listener className="org.apache.catalina.security.SecurityListener" />
+ -->
+ <!--APR library loader. Documentation at /docs/apr.html -->
+ <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
+ <!-- Prevent memory leaks due to use of particular java/javax APIs-->
+ <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
+ <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
+ <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
+
+ <!-- Global JNDI resources
+ Documentation at /docs/jndi-resources-howto.html
+ -->
+ <GlobalNamingResources>
+ <!-- Editable user database that can also be used by
+ UserDatabaseRealm to authenticate users
+ -->
+ <Resource name="UserDatabase" auth="Container"
+ type="org.apache.catalina.UserDatabase"
+ description="User database that can be updated and saved"
+ factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
+ pathname="conf/tomcat-users.xml" />
+ </GlobalNamingResources>
+
+ <!-- A "Service" is a collection of one or more "Connectors" that share
+ a single "Container" Note: A "Service" is not itself a "Container",
+ so you may not define subcomponents such as "Valves" at this level.
+ Documentation at /docs/config/service.html
+ -->
+ <Service name="Catalina">
+
+ <!--The connectors can use a shared executor, you can define one or more named thread pools-->
+ <!--
+ <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
+ maxThreads="150" minSpareThreads="4"/>
+ -->
+
+
+ <!-- A "Connector" represents an endpoint by which requests are received
+ and responses are returned. Documentation at :
+ Java HTTP Connector: /docs/config/http.html
+ Java AJP Connector: /docs/config/ajp.html
+ APR (HTTP/AJP) Connector: /docs/apr.html
+ Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
+ -->
+ <Connector port="8080" protocol="HTTP/1.1"
+ connectionTimeout="20000"
+ redirectPort="8443" xpoweredBy="false" server="Apache TomEE" />
+ <!-- A "Connector" using the shared thread pool-->
+ <!--
+ <Connector executor="tomcatThreadPool"
+ port="8080" protocol="HTTP/1.1"
+ connectionTimeout="20000"
+ redirectPort="8443" />
+ -->
+ <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443
+ This connector uses the NIO implementation. The default
+ SSLImplementation will depend on the presence of the APR/native
+ library and the useOpenSSL attribute of the
+ AprLifecycleListener.
+ Either JSSE or OpenSSL style configuration may be used regardless of
+ the SSLImplementation selected. JSSE style configuration is used below.
+ -->
+ <!--
+ <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
+ maxThreads="150" SSLEnabled="true">
+ <SSLHostConfig>
+ <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
+ type="RSA" xpoweredBy="false" server="Apache TomEE" />
+ </SSLHostConfig>
+ </Connector>
+ -->
+ <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
+ This connector uses the APR/native implementation which always uses
+ OpenSSL for TLS.
+ Either JSSE or OpenSSL style configuration may be used. OpenSSL style
+ configuration is used below.
+ -->
+ <!--
+ <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
+ maxThreads="150" SSLEnabled="true" >
+ <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" xpoweredBy="false" server="Apache TomEE" />
+ <SSLHostConfig>
+ <Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
+ certificateFile="conf/localhost-rsa-cert.pem"
+ certificateChainFile="conf/localhost-rsa-chain.pem"
+ type="RSA" />
+ </SSLHostConfig>
+ </Connector>
+ -->
+
+ <!-- Define an AJP 1.3 Connector on port 8009 -->
+ <Connector secure="true" scheme="https" URIEncoding="UTF-8" tomcatAuthentication="false" port="8009" protocol="AJP/1.3" redirectPort="8443" />
+
+
+ <!-- An Engine represents the entry point (within Catalina) that processes
+ every request. The Engine implementation for Tomcat stand alone
+ analyzes the HTTP headers included with the request, and passes them
+ on to the appropriate Host (virtual host).
+ Documentation at /docs/config/engine.html -->
+
+ <!-- You should set jvmRoute to support load-balancing via AJP ie :
+ <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
+ -->
+ <Engine name="Catalina" defaultHost="localhost">
+
+ <!--For clustering, please take a look at documentation at:
+ /docs/cluster-howto.html (simple how to)
+ /docs/config/cluster.html (reference documentation) -->
+ <!--
+ <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
+ -->
+
+ <!-- Use the LockOutRealm to prevent attempts to guess user passwords
+ via a brute-force attack -->
+ <Realm className="org.apache.catalina.realm.LockOutRealm">
+ <!-- This Realm uses the UserDatabase configured in the global JNDI
+ resources under the key "UserDatabase". Any edits
+ that are performed against this UserDatabase are immediately
+ available for use by the Realm. -->
+ <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
+ resourceName="UserDatabase"/>
+ </Realm>
+
+ <Host name="localhost" appBase="webapps"
+ unpackWARs="true" autoDeploy="true">
+
+ <!-- SingleSignOn valve, share authentication between web applications
+ Documentation at: /docs/config/valve.html -->
+ <!--
+ <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
+ -->
+
+ <!-- Access log processes all example.
+ Documentation at: /docs/config/valve.html
+ Note: The pattern used is equivalent to using pattern="common" -->
+ <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
+ prefix="localhost_access_log" suffix=".txt"
+ pattern="%h %l %u %t "%r" %s %b" />
+
+ </Host>
+ </Engine>
+ </Service>
+</Server>
diff --git a/container_files/ui/classes/grouper-ui.properties b/container_files/ui/classes/grouper-ui.properties
deleted file mode 100644
index 80fbee1e..00000000
--- a/container_files/ui/classes/grouper-ui.properties
+++ /dev/null
@@ -1,12 +0,0 @@
-#
-# Grouper UI configuration
-# $Id: grouper.client.example.properties,v 1.24 2009-12-30 04:23:02 mchyzer Exp $
-#
-
-# The grouper-ui.properties uses Grouper Configuration Overlays (documented on wiki)
-# By default the configuration is read from grouper-ui.base.properties
-# (which should not be edited), and the grouper-ui.properties overlays
-# the base settings. See the grouper-ui.base.properties for the possible
-# settings that can be applied to the grouper-ui.properties
-
-grouperUi.logout.redirectToUrl=/Shibboleth.sso/Logout
\ No newline at end of file
diff --git a/container_files/ui/classes/log4j.properties b/container_files/ui/classes/log4j.properties
deleted file mode 100644
index 12e5eff8..00000000
--- a/container_files/ui/classes/log4j.properties
+++ /dev/null
@@ -1,144 +0,0 @@
-
-#
-# Copyright 2014 Internet2
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-#/opt/grouper/2.3.0/grouper.apiBinary-2.3.0/ will be substituted with the System property "grouper.home", which must have a trailing \ or /
-# depending on your OS. Of course you can use absolute paths if you prefer
-
-
-#
-# log4j Configuration
-# $Id: log4j.example.properties,v 1.13 2009-12-18 13:56:51 tzeller Exp $
-#
-
-# Appenders
-
-## Grouper API event logging
-log4j.appender.grouper_event = org.apache.log4j.FileAppender
-log4j.appender.grouper_event.file = /tmp/logpipe
-log4j.appender.grouper_event.append = true
-log4j.appender.grouper_event.layout = org.apache.log4j.PatternLayout
-log4j.appender.grouper_event.layout.ConversionPattern = grouper-ui;grouper_event.log;${ENV};${USERTOKEN};%d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
-
-## Grouper API error logging
-log4j.appender.grouper_error = org.apache.log4j.FileAppender
-log4j.appender.grouper_error.file = /tmp/logpipe
-log4j.appender.grouper_errot.append = true
-log4j.appender.grouper_error.layout = org.apache.log4j.PatternLayout
-log4j.appender.grouper_error.layout.ConversionPattern = grouper-ui;grouper_error.log;${ENV};${USERTOKEN};%d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
-#log4j.appender.grouper_error.layout.ConversionPattern = %d{ISO8601}: %m%n
-
-# Debug logging (Or: logging that I haven't cleaned up yet to send elsewhere)
-log4j.appender.grouper_debug = org.apache.log4j.FileAppender
-log4j.appender.grouper_debug.file = /tmp/logpipe
-log4j.appender.grouper_debug.append = true
-log4j.appender.grouper_debug.layout = org.apache.log4j.PatternLayout
-#log4j.appender.grouper_debug.layout.ConversionPattern = %d{ISO8601} %5p %c{2}: %m%n
-log4j.appender.grouper_debug.layout.ConversionPattern = grouper-ui;grouper_debug.log;${ENV};${USERTOKEN};%d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
-
-## Benchmark logging
-log4j.appender.grouper_gb = org.apache.log4j.FileAppender
-log4j.appender.grouper_gb.file = /tmp/logpipe
-log4j.appender.grouper_gb.append = true
-log4j.appender.grouper_gb.layout = org.apache.log4j.PatternLayout
-#log4j.appender.grouper_gb.layout.ConversionPattern = %d{ISO8601} %5p %c{2}: %m%n
-log4j.appender.grouper_gb.layout.ConversionPattern = grouper-ui;grouper_bench.log;${ENV};${USERTOKEN};%d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
-
-# Loggers
-
-## Default logger; will log *everything*
-log4j.rootLogger = ERROR, grouper_error
-
-## All Internet2 (warn to grouper_error per default logger)
-log4j.logger.edu.internet2.middleware = WARN
-
-
-# Provisioning : PSP (version 2.1+)
-log4j.logger.edu.internet2.middleware.psp = INFO
-
-# Provisioning : vt-ldap
-# log4j.logger.edu.vt.middleware.ldap = INFO
-
-# Provisioning : Grouper plugin to Shibboleth attribute resolver
-# log4j.logger.edu.internet2.middleware.grouper.shibboleth = INFO
-
-
-# For more precise (or verbose) logging, enable one or more of the
-# following logging directives. To remove duplicate entries, just change the
-# level, and not where to send the logs
-# http://robertmarkbramprogrammer.blogspot.com/2007/06/log4j-duplicate-lines-in-output.html
-
-## Grouper Event Logging
-## * Logs at _info_ only
-log4j.logger.edu.internet2.middleware.grouper.log.EventLog = INFO, grouper_event
-log4j.logger.edu.internet2.middleware.grouper.RegistryInstall = INFO, grouper_event
-
-## Grouper Error Logging
-## * Logs at _warn_, _fatal_ and _error_ only (by default this is WARN due to internet2 below)
-#log4j.logger.edu.internet2.middleware.grouper = WARN, grouper_error
-
-## Grouper Debug Logging
-## * NOTE: There is currently VERY LITTLE (useful) information sent to this.
-## * Logs at _info_ only currently
-#log4j.logger.edu.internet2.middleware.grouper = INFO, grouper_debug
-
-## Grouper XML Export + Import Logging
-## TODO Integrate with normal logging
-log4j.logger.edu.internet2.middleware.grouper.xml.XmlExporter = INFO, grouper_event
-log4j.logger.edu.internet2.middleware.grouper.xml.XmlImporter = INFO, grouper_event
-
-## Grouper Benchmark Logging
-log4j.logger.edu.internet2.middleware.grouper.bench = INFO, grouper_gb
-
-## Grouper script to add missing group sets
-log4j.logger.edu.internet2.middleware.grouper.misc.AddMissingGroupSets = INFO, grouper_event
-
-## Grouper Sync Point in Time Tables
-log4j.logger.edu.internet2.middleware.grouper.misc.SyncPITTables = INFO, grouper_event
-
-## Grouper Sync Stem Set Table
-log4j.logger.edu.internet2.middleware.grouper.misc.SyncStemSets = INFO, grouper_event
-
-## Grouper Migrate Legacy Attributes
-log4j.logger.edu.internet2.middleware.grouper.misc.MigrateLegacyAttributes = INFO, grouper_event
-
-### Subject API
-#log4j.logger.edu.internet2.middleware.subject = ERROR, grouper_error
-#log4j.logger.edu.internet2.middleware.subject.provider = ERROR, grouper_error
-### Hibernate
-#log4j.logger.org.hibernate = ERROR, grouper_error
-### ehcache
-#log4j.logger.net.sf.ehcache = ERROR, grouper_error
-### Spring
-#log4j.logger.org.springframework = ERROR, grouper_error
-
-## Grouper Stress Testing
-log4j.logger.edu.internet2.middleware.grouper.stress = INFO, grouper_debug
-
-
-#######################################################
-##Optional settings for debug logs
-#######################################################
-
-## Hooks debug info
-#log4j.logger.edu.internet2.middleware.grouper.hooks.examples.GroupTypeTupleIncludeExcludeHook = DEBUG
-#log4j.logger.edu.internet2.middleware.grouper.Group = DEBUG
-
-#log4j.logger.edu.internet2.middleware.grouper.hooks.examples.GroupTypeSecurityHook = DEBUG
-
-
-# added by grouper-installer
-log4j.logger.org.apache.tools.ant = WARN
diff --git a/container_files/ui/web.xml b/container_files/ui/web.xml
deleted file mode 100644
index f3aa302f..00000000
--- a/container_files/ui/web.xml
+++ /dev/null
@@ -1,89 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<web-app xmlns:j2ee="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
- version="2.4">
- <filter>
- <filter-name>GrouperUi</filter-name>
- <filter-class>edu.internet2.middleware.grouper.ui.GrouperUiFilter</filter-class>
- </filter>
- <filter>
- <filter-name>CSRFGuard</filter-name>
- <filter-class>org.owasp.csrfguard.CsrfGuardFilter</filter-class>
- </filter>
- <filter-mapping>
- <filter-name>GrouperUi</filter-name>
- <url-pattern>*.jsp</url-pattern>
- </filter-mapping>
- <filter-mapping>
- <filter-name>GrouperUi</filter-name>
- <url-pattern>/grouperUi/app/*</url-pattern>
- </filter-mapping>
- <filter-mapping>
- <filter-name>GrouperUi</filter-name>
- <url-pattern>/grouperUi/appHtml/*</url-pattern>
- </filter-mapping>
- <filter-mapping>
- <filter-name>GrouperUi</filter-name>
- <url-pattern>/grouperExternal/app/*</url-pattern>
- </filter-mapping>
- <filter-mapping>
- <filter-name>GrouperUi</filter-name>
- <url-pattern>/grouperExternal/public/UiV2Public.index</url-pattern>
- </filter-mapping>
- <filter-mapping>
- <filter-name>GrouperUi</filter-name>
- <url-pattern>/grouperExternal/public/UiV2Public.postIndex</url-pattern>
- </filter-mapping>
- <filter-mapping>
- <filter-name>CSRFGuard</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
- <listener>
- <listener-class>edu.internet2.middleware.grouper.ui.GrouperSessionAttributeListener</listener-class>
- </listener>
- <listener>
- <listener-class>org.owasp.csrfguard.CsrfGuardServletContextListener</listener-class>
- </listener>
- <listener>
- <listener-class>org.owasp.csrfguard.CsrfGuardHttpSessionListener</listener-class>
- </listener>
- <servlet>
- <servlet-name>StatusServlet</servlet-name>
- <display-name>Status Servlet</display-name>
- <servlet-class>edu.internet2.middleware.grouper.j2ee.status.GrouperStatusServlet</servlet-class>
- <load-on-startup>1</load-on-startup>
- </servlet>
- <servlet>
- <servlet-name>UiServlet</servlet-name>
- <servlet-class>edu.internet2.middleware.grouper.j2ee.GrouperUiRestServlet</servlet-class>
- <load-on-startup>1</load-on-startup>
- </servlet>
- <servlet>
- <servlet-name>OwaspJavaScriptServlet</servlet-name>
- <servlet-class>org.owasp.csrfguard.servlet.JavaScriptServlet</servlet-class>
- </servlet>
- <servlet-mapping>
- <servlet-name>StatusServlet</servlet-name>
- <url-pattern>/status</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>UiServlet</servlet-name>
- <url-pattern>/grouperUi/app/*</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>UiServlet</servlet-name>
- <url-pattern>/grouperExternal/app/*</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>UiServlet</servlet-name>
- <url-pattern>/grouperExternal/public/UiV2Public.index</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>UiServlet</servlet-name>
- <url-pattern>/grouperExternal/public/UiV2Public.postIndex</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>OwaspJavaScriptServlet</servlet-name>
- <url-pattern>/grouperExternal/public/OwaspJavaScriptServlet</url-pattern>
- </servlet-mapping>
-</web-app>
diff --git a/container_files/usr-local-bin/changeGid.sh b/container_files/usr-local-bin/changeGid.sh
new file mode 100755
index 00000000..6d55d94d
--- /dev/null
+++ b/container_files/usr-local-bin/changeGid.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+if [[ $EUID -ne 0 ]]; then
+ echo "grouperContainer; ERROR: (changeGid.sh) This script must be run as root"
+ exit 1
+fi
+if [ "$#" -ne 2 ]; then
+ echo "grouperContainer; ERROR: (changeGid.sh) You must enter exactly 2 command line arguments: groupname, and gid to change to"
+ exit 1
+fi
+groupname=$1
+newGid=$2
+getentOutput="$(getent group "$groupname")"
+oldGid="$( echo "$getentOutput" |cut -d\: -f3 )"
+groupmod -g "$newGid" "$groupname"
+echo "grouperContainer; INFO: (changeGid.sh) groupmod -g \"$newGid\" \"$groupname\" , result: $?"
+find / -xdev -group "$oldGid" -exec chgrp -h "$groupname" {} \;
+echo "grouperContainer; INFO: (changeGid.sh) find / -xdev -group \"$oldGid\" -exec chgrp -h \"$groupname\" {} \; , result: $?"
diff --git a/container_files/usr-local-bin/changeUid.sh b/container_files/usr-local-bin/changeUid.sh
new file mode 100755
index 00000000..2dcf8a83
--- /dev/null
+++ b/container_files/usr-local-bin/changeUid.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+if [[ $EUID -ne 0 ]]; then
+ echo "grouperContainer; ERROR: (changeUid.sh) This script must be run as root"
+ exit 1
+fi
+if [ "$#" -ne 2 ]; then
+ echo "grouperContainer; ERROR: (changeUid.sh) You must enter exactly 2 command line arguments: username, and uid to change to"
+ exit 1
+fi
+username=$1
+newUid=$2
+oldUid="$(id -u "$username")"
+usermod -u "$newUid" "$username"
+echo "grouperContainer; INFO: (changeUid.sh) usermod -u \"$newUid\" \"$username\" , result: $?"
+find / -xdev -user "$oldUid" -exec chown -h "$username" {} \;
+echo "grouperContainer; INFO: (changeUid.sh) find / -xdev -user \"$oldUid\" -exec chown -h \"$username\" {} \; , result: $?"
diff --git a/container_files/usr-local-bin/daemon b/container_files/usr-local-bin/daemon
index da40d1e6..aef7603f 100755
--- a/container_files/usr-local-bin/daemon
+++ b/container_files/usr-local-bin/daemon
@@ -1,9 +1,7 @@
#!/bin/bash
-. /usr/local/bin/library.sh
+prep_daemon
+prep_finish
+setupFiles
-prepDaemon
-
-export GSH_JVMARGS="$GSH_JVMARGS -DENV=$ENV -DUSERTOKEN=$USERTOKEN"
-
-exec bin/gsh -loader > /tmp/loggrouper
+runCommand
\ No newline at end of file
diff --git a/container_files/usr-local-bin/entrypoint.sh b/container_files/usr-local-bin/entrypoint.sh
index 83e985d6..ba8842cb 100755
--- a/container_files/usr-local-bin/entrypoint.sh
+++ b/container_files/usr-local-bin/entrypoint.sh
@@ -1,6 +1,37 @@
-#!/bin/sh
+#!/bin/bash
. /usr/local/bin/library.sh
-prepConf
+prep_conf
+
+if [ "$#" -eq 0 ];
+ then
+ echo "grouperContainer; INFO: (entrypoint.sh) No component set to run"
+ prep_finish
+ setupFiles
+ runCommand
+else
+
+# echo "$@"
+
+# argc=$#
+# argv=("$@")
+
+ GROUPER_ENTRYPOINT_COMMAND=$1
+ shift
+
+# for (( j=1; j<argc; j++ )); do
+# if [ -n "$ARGUMENTS" ]; then
+# ARGUMENTS="$ARGUMENTS "
+# fi
+# ARGUMENTS="$ARGUMENTS${argv[j]}"
+# done
+
+ if [ "$GROUPER_ENTRYPOINT_COMMAND" = "/opt/grouper/grouperWebapp/WEB-INF/bin/gsh.sh" ]
+ then
+ GROUPER_ENTRYPOINT_COMMAND=gsh
+ fi
+
+ echo "grouperContainer; INFO: (entrypoint.sh) Executing $GROUPER_ENTRYPOINT_COMMAND $@"
+ exec "$GROUPER_ENTRYPOINT_COMMAND" "$@"
+fi
-exec "$@"
\ No newline at end of file
diff --git a/container_files/usr-local-bin/grouperScriptHooks.sh b/container_files/usr-local-bin/grouperScriptHooks.sh
new file mode 100644
index 00000000..3b0508b7
--- /dev/null
+++ b/container_files/usr-local-bin/grouperScriptHooks.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+# Overlay this file with implementations of functions from grouperScriptHooksBase.sh
+# dont forget to export -f your functions after implementing them like in the base file
+
+
diff --git a/container_files/usr-local-bin/grouperScriptHooksBase.sh b/container_files/usr-local-bin/grouperScriptHooksBase.sh
new file mode 100644
index 00000000..1a088143
--- /dev/null
+++ b/container_files/usr-local-bin/grouperScriptHooksBase.sh
@@ -0,0 +1,57 @@
+#!/bin/bash
+
+### DO NOT EDIT OR OVERLAY THIS FILE
+# These definitions are here to define the functions.
+# You can overlay the grouperScriptHooks.sh file with any definitions of these functions
+
+# called at the beginning of the container startup
+# after logging is setup
+grouperScriptHooks_prepConfPost() {
+ return
+}
+
+# called after the component command has been prepped
+grouperScriptHooks_prepComponentPost() {
+ return
+}
+
+# called after the finishPrep is called before the setupFiles
+grouperScriptHooks_finishPrepPost() {
+ return
+}
+
+# called after the setupFiles functions is called, almost before the process starts
+grouperScriptHooks_setupFilesPost() {
+ return
+}
+
+# called after the chown at end of setupFiles, right before the process starts
+grouperScriptHooks_setupFilesPostChown() {
+ return
+}
+
+grouperScriptHooks_unsetAll() {
+
+ unset -f grouperScriptHooks_finishPrepPost
+ unset -f grouperScriptHooks_prepComponentPost
+ unset -f grouperScriptHooks_prepConfPost
+ unset -f grouperScriptHooks_setupFilesPost
+ unset -f grouperScriptHooks_setupFilesPostChown
+ unset -f grouperScriptHooks_unsetAll
+ unset -f grouperScriptHooks_exportAll
+}
+
+grouperScriptHooks_exportAll() {
+
+ export -f grouperScriptHooks_finishPrepPost
+ export -f grouperScriptHooks_prepComponentPost
+ export -f grouperScriptHooks_prepConfPost
+ export -f grouperScriptHooks_setupFilesPost
+ export -f grouperScriptHooks_setupFilesPostChown
+ export -f grouperScriptHooks_unsetAll
+ export -f grouperScriptHooks_exportAll
+}
+
+# export everything
+grouperScriptHooks_exportAll
+
diff --git a/container_files/usr-local-bin/grouperTestFileExist.sh b/container_files/usr-local-bin/grouperTestFileExist.sh
new file mode 100755
index 00000000..68757a56
--- /dev/null
+++ b/container_files/usr-local-bin/grouperTestFileExist.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+if [ "$#" -ne 1 ]; then
+ echo "You must enter exactly 1 argument: the file name"
+ exit 1
+fi
+
+if [ -f "$1" ]; then
+ echo "exists"
+fi
\ No newline at end of file
diff --git a/container_files/usr-local-bin/grouperTestPrintEnv.sh b/container_files/usr-local-bin/grouperTestPrintEnv.sh
new file mode 100755
index 00000000..90460495
--- /dev/null
+++ b/container_files/usr-local-bin/grouperTestPrintEnv.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+if [ "$#" -ne 1 ]; then
+ echo "You must enter exactly 1 argument: the env var name"
+ exit 1
+fi
+
+. /etc/bashrc
+. ~/.bashrc
+
+printenv $1
\ No newline at end of file
diff --git a/container_files/usr-local-bin/gsh b/container_files/usr-local-bin/gsh
index e65979ab..a9826835 100755
--- a/container_files/usr-local-bin/gsh
+++ b/container_files/usr-local-bin/gsh
@@ -1,9 +1,22 @@
#!/bin/bash
-. /usr/local/bin/library.sh
-
-prepDaemon
+prep_daemon
+prep_finish
+setupFiles
+runCommand_unsetAll
export GSH_JVMARGS="$GSH_JVMARGS -DENV=$ENV -DUSERTOKEN=$USERTOKEN"
-exec bin/gsh "$@" | tee /tmp/loggrouper
+# capture result of gsh, not tee
+set -o pipefail
+
+# openshift cannot do whoami
+if [ "$GROUPER_GSH_CHECK_USER" = "true" ] && [ "$GROUPER_GSH_USER" != "$(whoami)" ]
+ then
+ echo "grouperContainer; INFO: (gsh file) sudo --preserve-env -u tomcat bin/gsh.sh \"$@\" | tee /tmp/loggrouper"
+ sudo --preserve-env -u tomcat bin/gsh.sh "$@" | tee /tmp/loggrouper
+ else
+ echo "grouperContainer; INFO: (gsh file) bin/gsh.sh \"$@\" | tee /tmp/loggrouper"
+ exec bin/gsh.sh "$@" | tee /tmp/loggrouper
+fi
+
diff --git a/container_files/usr-local-bin/library.sh b/container_files/usr-local-bin/library.sh
index 5d3790af..0d411843 100755
--- a/container_files/usr-local-bin/library.sh
+++ b/container_files/usr-local-bin/library.sh
@@ -1,149 +1,38 @@
-#!/bin/sh
+#!/bin/bash
+
+echo "grouperContainer; INFO: (library.sh) Start loading library.sh"
+#dos2unix /usr/local/bin/library*.sh
+#echo "grouperContainer; INFO: (library.sh) dos2unix /usr/local/bin/library*.sh , result=$?"
+#dos2unix /usr/local/bin/grouper*.sh
+#echo "grouperContainer; INFO: (library.sh) dos2unix /usr/local/bin/grouper*.sh , result=$?"
+#for f in /usr/local/bin/library*.sh /usr/local/bin/grouper*.sh; do
+# TFILE=$(mktemp) && dos2unix -q -n $f $TFILE && cat $TFILE > $f
+# echo "grouperContainer; INFO: (library.sh) dos2unix $f, result=$?"
+# rm $TFILE
+#done
+
+. /usr/local/bin/libraryPrep.sh
+. /usr/local/bin/libraryPrepOnly.sh
+. /usr/local/bin/libraryRunCommand.sh
+. /usr/local/bin/librarySetupFiles.sh
+. /usr/local/bin/librarySetupFilesApache.sh
+. /usr/local/bin/librarySetupFilesForComponent.sh
+. /usr/local/bin/librarySetupFilesForProcess.sh
+. /usr/local/bin/librarySetupFilesTomcat.sh
+. /usr/local/bin/librarySetupPipe.sh
+
+# base definitions of hooks
+. /usr/local/bin/grouperScriptHooksBase.sh
+
+# need this before the copy happens
+if [ -f /opt/grouper/slashRoot/usr/local/bin/grouperScriptHooks.sh ] ; then
+ cp /opt/grouper/slashRoot/usr/local/bin/grouperScriptHooks.sh /usr/local/bin/grouperScriptHooks.sh
+ returnCode=$?
+ echo "grouperContainer; INFO: (library.sh) cp /opt/grouper/slashRoot/usr/local/bin/grouperScriptHooks.sh /usr/local/bin/grouperScriptHooks.sh, result=$returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+fi
+# implementations of custom hooks
+. /usr/local/bin/grouperScriptHooks.sh
+
+echo "grouperContainer; INFO: (library.sh) End loading library.sh"
-setupPipe() {
- if [ -e $1 ]; then
- rm $1
- fi
- mkfifo -m 666 $1
-}
-
-setupLoggingPipe() {
- # Make a "console" logging pipe that anyone can write too regardless of who owns the process.
- setupPipe /tmp/logpipe
- cat <> /tmp/logpipe &
-}
-
-# Make loggers pipes for the supervisord connected apps' console, so that we can prepend the streams.
-setupGrouperLogPipe() {
- setupPipe /tmp/loggrouper
- (cat <> /tmp/loggrouper | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "grouper;console;%s;%s;%s\n", ENV, UT, $0; fflush()}' &>/tmp/logpipe) &
-}
-
-setupHttpdLogPipe() {
- setupPipe /tmp/loghttpd
- (cat <> /tmp/loghttpd | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "httpd;console;%s;%s;%s\n", ENV, UT, $0; fflush()}' &>/tmp/logpipe) &
-}
-
-setupShibdLogPipe() {
- setupPipe /tmp/logshibd
- (cat <> /tmp/logshibd | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "shibd;console;%s;%s;%s", ENV, UT, $0; fflush()}' &>/tmp/logpipe) &
-}
-
-setupTomcatLogPipe() {
- setupPipe /tmp/logtomcat
- (cat <> /tmp/logtomcat | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "tomcat;console;%s;%s;%s\n", ENV, UT, $0; fflush()}' &>/tmp/logpipe) &
-}
-
-setupSupervisordLogPipe() {
- setupPipe /tmp/logsuperd
- (cat <> /tmp/logsuperd | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "supervisord;console;%s;%s;%s\n", ENV, UT, $0; fflush()}' &>/tmp/logpipe) &
-}
-
-linkGrouperSecrets() {
- for filepath in /run/secrets/*; do
- local label_file=`basename $filepath`
- local file=$(echo $label_file| cut -d'_' -f 2)
-
- if [[ $label_file == grouper_* ]]; then
- ln -sf /run/secrets/$label_file $1/$file
- elif [[ $label_file == shib_* ]]; then
- ln -sf /run/secrets/$label_file /etc/shibboleth/$file
- elif [[ $label_file == httpd_* ]]; then
- ln -sf /run/secrets/$label_file /etc/httpd/conf.d/$file
- elif [ "$label_file" == "host-key.pem" ]; then
- ln -sf /run/secrets/host-key.pem /etc/pki/tls/private/host-key.pem
- fi
- done
-}
-
-prepDaemon() {
- setupLoggingPipe
- setupGrouperLogPipe
-}
-
-prepDaemonConf() {
- local dest=/opt/grouper/grouper.apiBinary
- linkGrouperSecrets $dest/conf
-
- if [ -d "/opt/grouper/conf" ]; then
- cp -r /opt/grouper/conf/* $dest/conf/
- fi
- if [ -d "/opt/grouper/lib" ]; then
- cp -r /opt/grouper/lib/* $dest/lib/custom/
- fi
-}
-
-prepSCIM() {
- setupLoggingPipe
- setupGrouperLogPipe
- setupHttpdLogPipe
- setupTomcatLogPipe
-
-
- cp /opt/tier-support/grouper-ws-scim.xml /opt/tomee/conf/Catalina/localhost/
-}
-
-prepSCIMConf() {
- local dest=/opt/grouper/grouper.scim/WEB-INF
- linkGrouperSecrets $dest/classes
-
- if [ -d "/opt/grouper/conf" ]; then
- cp -r /opt/grouper/conf/* $dest/classes/
- fi
- if [ -d "/opt/grouper/lib" ]; then
- cp -r /opt/grouper/lib/* $dest/lib/
- fi
-}
-
-prepUI() {
- setupLoggingPipe
- setupGrouperLogPipe
- setupHttpdLogPipe
- setupShibdLogPipe
- setupTomcatLogPipe
- setupSupervisordLogPipe
-
- cp /opt/tier-support/grouper.xml /opt/tomcat/conf/Catalina/localhost/
-}
-
-prepUIConf() {
- local dest=/opt/grouper/grouper.ui/WEB-INF
- linkGrouperSecrets $dest/classes
-
- if [ -d "/opt/grouper/conf" ]; then
- cp -r /opt/grouper/conf/* $dest/classes/
- fi
- if [ -d "/opt/grouper/lib" ]; then
- cp -r /opt/grouper/lib/* $dest/lib/
- fi
-}
-
-prepWS() {
- setupLoggingPipe
- setupGrouperLogPipe
- setupHttpdLogPipe
- setupTomcatLogPipe
- setupSupervisordLogPipe
-
- cp /opt/tier-support/grouper-ws.xml /opt/tomcat/conf/Catalina/localhost/
-}
-
-prepWSConf() {
- local dest=/opt/grouper/grouper.ws/WEB-INF
- linkGrouperSecrets $dest/classes
-
- if [ -d "/opt/grouper/conf" ]; then
- cp -r /opt/grouper/conf/* $dest/classes/
- fi
- if [ -d "/opt/grouper/lib" ]; then
- cp -r /opt/grouper/lib/* $dest/lib/
- fi
-}
-
-
-prepConf() {
- prepDaemonConf
- prepSCIMConf
- prepUIConf
- prepWSConf
-}
\ No newline at end of file
diff --git a/container_files/usr-local-bin/libraryPrep.sh b/container_files/usr-local-bin/libraryPrep.sh
new file mode 100644
index 00000000..37962a5f
--- /dev/null
+++ b/container_files/usr-local-bin/libraryPrep.sh
@@ -0,0 +1,587 @@
+#!/bin/bash
+
+prep_openshift() {
+ if [ "$GROUPER_OPENSHIFT" == 'true' ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_openshift) GROUPER_OPENSHIFT is true"
+ if [ -z "$GROUPER_CHOWN_DIRS" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_openshift) export GROUPER_CHOWN_DIRS=false"
+ export GROUPER_CHOWN_DIRS=false
+ fi
+ if [ -z "$GROUPER_SHIB_LOG_USE_PIPE" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_openshift) export GROUPER_SHIB_LOG_USE_PIPE=false"
+ export GROUPER_SHIB_LOG_USE_PIPE=false
+ fi
+ if [ -z "$GROUPER_USE_PIPES" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_openshift) export GROUPER_USE_PIPES=false"
+ export GROUPER_USE_PIPES=false
+ fi
+ if [ -z "$GROUPER_GSH_CHECK_USER" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_openshift) export GROUPER_GSH_CHECK_USER=false"
+ export GROUPER_GSH_CHECK_USER=false
+ fi
+ if [ -z "$GROUPER_RUN_PROCESSES_AS_USERS" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_openshift) export GROUPER_RUN_PROCESSES_AS_USERS=false"
+ export GROUPER_RUN_PROCESSES_AS_USERS=false
+ fi
+ fi
+}
+
+prep_quickstart() {
+
+ if [ "$GROUPER_RUN_TOMCAT_NOT_SUPERVISOR" != "true" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_quickstart) GROUPER_RUN_TOMCAT_NOT_SUPERVISOR is not true"
+ if [ -z "$GROUPER_SELF_SIGNED_CERT" ] && [ "$GROUPER_OPENSHIFT" != "true" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_quickstart) export GROUPER_SELF_SIGNED_CERT=true"
+ export GROUPER_SELF_SIGNED_CERT=true
+ fi
+ if [ -z "$GROUPER_START_DELAY_SECONDS" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_quickstart) export GROUPER_START_DELAY_SECONDS='10'"
+ export GROUPER_START_DELAY_SECONDS='10'
+ fi
+ fi
+ if [ -z "$GROUPER_RUN_SHIB_SP" ] && [ "$GROUPER_OPENSHIFT" != "true" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_quickstart) export GROUPER_RUN_SHIB_SP=false"
+ export GROUPER_RUN_SHIB_SP=false
+ fi
+ if [ -z "$GROUPER_AUTO_DDL_UPTOVERSION" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_quickstart) export GROUPER_AUTO_DDL_UPTOVERSION='v2.6.*'"
+ export GROUPER_AUTO_DDL_UPTOVERSION='v2.6.*'
+ fi
+ if [ -z "$GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_quickstart) export GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES='0.0.0.0/0'"
+ export GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES='0.0.0.0/0'
+ fi
+ # wait for database to start
+ if [ -z "$GROUPER_UI_GROUPER_AUTH" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_quickstart) export GROUPER_UI_GROUPER_AUTH='true'"
+ export GROUPER_UI_GROUPER_AUTH='true'
+ fi
+ if [ -z "$GROUPER_WS_GROUPER_AUTH" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_quickstart) export GROUPER_WS_GROUPER_AUTH='true'"
+ export GROUPER_WS_GROUPER_AUTH='true'
+ fi
+ if [ -z "$GROUPER_SCIM_GROUPER_AUTH" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_quickstart) export GROUPER_SCIM_GROUPER_AUTH=true"
+ export GROUPER_SCIM_GROUPER_AUTH=true
+ fi
+ if [ -z "$GROUPER_QUICKSTART" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_quickstart) export GROUPER_QUICKSTART=true"
+ export GROUPER_QUICKSTART=true
+ fi
+
+}
+
+prep_daemon() {
+
+ if [ -z "$GROUPER_DAEMON" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_daemon) export GROUPER_DAEMON=true"
+ export GROUPER_DAEMON=true
+ fi
+ if [ -z "$GROUPER_RUN_TOMEE" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_daemon) export GROUPER_RUN_TOMEE=true"
+ export GROUPER_RUN_TOMEE=true
+ fi
+}
+
+prep_scim() {
+
+ if [ -z "$GROUPER_SCIM" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_scim) export GROUPER_SCIM=true"
+ export GROUPER_SCIM=true
+ fi
+ if [ -z "$GROUPER_RUN_APACHE" ] && [ "$GROUPER_RUN_TOMCAT_NOT_SUPERVISOR" != "true" ] && [ "$GROUPER_OPENSHIFT" != "true" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_scim) export GROUPER_RUN_APACHE=true"
+ export GROUPER_RUN_APACHE=true
+ fi
+ if [ -z "$GROUPER_RUN_TOMEE" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_scim) export GROUPER_RUN_TOMEE=true"
+ export GROUPER_RUN_TOMEE=true
+ fi
+}
+
+prep_ui() {
+
+ if [ -z "$GROUPER_UI" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_ui) export GROUPER_UI=true"
+ export GROUPER_UI=true
+ fi
+ if [ -z "$GROUPER_RUN_APACHE" ] && [ "$GROUPER_RUN_TOMCAT_NOT_SUPERVISOR" != "true" ] && [ "$GROUPER_OPENSHIFT" != "true" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_ui) export GROUPER_RUN_APACHE=true"
+ export GROUPER_RUN_APACHE=true
+ fi
+ if [ -z "$GROUPER_RUN_SHIB_SP" ] && [ "$GROUPER_RUN_TOMCAT_NOT_SUPERVISOR" != "true" ] && [ "$GROUPER_OPENSHIFT" != "true" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_ui) export GROUPER_RUN_SHIB_SP=true"
+ export GROUPER_RUN_SHIB_SP=true
+ fi
+ if [ -z "$GROUPER_RUN_TOMEE" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_ui) export GROUPER_RUN_TOMEE=true"
+ export GROUPER_RUN_TOMEE=true
+ fi
+}
+
+prep_runUi() {
+ if [ -z "$GROUPER_PROXY_PASS" ]
+ then
+ if [ "$GROUPER_UI" == 'true' ]
+ then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_runUi) export GROUPER_PROXY_PASS="
+ export GROUPER_PROXY_PASS=
+ else
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_runUi) export GROUPER_PROXY_PASS=#"
+ export GROUPER_PROXY_PASS=#
+ fi
+
+ fi
+}
+prep_runWs() {
+ if [ -z "$GROUPERWS_PROXY_PASS" ]
+ then
+ if [ "$GROUPER_WS" == 'true' ]
+ then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_runWs) export GROUPER_PROXY_PASS="
+ export GROUPERWS_PROXY_PASS=
+ else
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_runWs) export GROUPER_PROXY_PASS=#"
+ export GROUPERWS_PROXY_PASS=#
+ fi
+
+ fi
+}
+prep_runScim() {
+ if [ -z "$GROUPERSCIM_PROXY_PASS" ]
+ then
+ if [ "$GROUPER_SCIM" == 'true' ]
+ then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_runScim) export GROUPER_PROXY_PASS="
+ export GROUPERSCIM_PROXY_PASS=
+ else
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_runScim) export GROUPER_PROXY_PASS=#"
+ export GROUPERSCIM_PROXY_PASS=#
+ fi
+
+ fi
+}
+
+
+prep_ws() {
+
+ if [ -z "$GROUPER_WS" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_ws) export GROUPER_WS=true"
+ export GROUPER_WS=true
+ fi
+ if [ -z "$GROUPER_RUN_APACHE" ] && [ "$GROUPER_RUN_TOMCAT_NOT_SUPERVISOR" != "true" ] && [ "$GROUPER_OPENSHIFT" != "true" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_ws) export GROUPER_RUN_APACHE=true"
+ export GROUPER_RUN_APACHE=true
+ fi
+ if [ -z "$GROUPER_RUN_TOMEE" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_ws) export GROUPER_RUN_TOMEE=true"
+ export GROUPER_RUN_TOMEE=true
+ fi
+}
+
+prep_conf() {
+
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_conf) Start setting up initial pipes"
+ if [ -z "$GROUPER_USE_PIPES" ]; then
+ if [ "$GROUPER_OPENSHIFT" != 'true' ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_conf) GROUPER_USE_PIPES=true"
+ export GROUPER_USE_PIPES=true
+ fi
+ fi
+ setupPipe_logging
+ setupPipe_supervisordLog
+ setupPipe_grouperLog
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_conf) End setting up initial pipes"
+
+ # if we are stopping and starting, we just read the env vars and we done
+ if [ -f /opt/grouper/grouperEnv.sh ]
+ then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_conf) Loading env vars from /opt/grouper/grouperEnv.sh"
+ . /opt/grouper/grouperEnv.sh
+ return
+ fi
+
+ prep_initDeprecatedEnvVars
+ grouperScriptHooks_prepConfPost
+
+}
+
+prep_initDeprecatedEnvVars() {
+
+ if [ ! -z "$RUN_APACHE" ] && [ -z "$GROUPER_RUN_APACHE" ]
+ then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_initDeprecatedEnvVars) export GROUPER_RUN_APACHE=$RUN_APACHE"
+ export GROUPER_RUN_APACHE="$RUN_APACHE"
+ fi
+
+ if [ ! -z "$RUN_SHIB_SP" ] && [ -z "$GROUPER_RUN_SHIB_SP" ]
+ then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_initDeprecatedEnvVars) export GROUPER_RUN_SHIB_SP=$RUN_SHIB_SP"
+ export GROUPER_RUN_SHIB_SP="$RUN_SHIB_SP"
+ fi
+
+ if [ ! -z "$RUN_TOMEE" ] && [ -z "$GROUPER_RUN_TOMEE" ]
+ then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_initDeprecatedEnvVars) export GROUPER_RUN_TOMEE=$RUN_TOMEE"
+ export GROUPER_RUN_TOMEE="$RUN_TOMEE"
+ fi
+
+ if [ ! -z "$SELF_SIGNED_CERT" ] && [ -z "$GROUPER_SELF_SIGNED_CERT" ]
+ then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_initDeprecatedEnvVars) export GROUPER_SELF_SIGNED_CERT=$SELF_SIGNED_CERT"
+ export GROUPER_SELF_SIGNED_CERT="$SELF_SIGNED_CERT"
+ fi
+
+}
+
+
+prep_finishBegin() {
+ # default a lot of env variables
+ # morph defaults to null
+ # database password defaults to null
+ prep_openshift
+ if [ -z "$GROUPER_UI_GROUPER_AUTH" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_UI_GROUPER_AUTH=false"
+ export GROUPER_UI_GROUPER_AUTH=false
+ fi
+ if [ -z "$GROUPER_WS_GROUPER_AUTH" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_WS_GROUPER_AUTH=false"
+ export GROUPER_WS_GROUPER_AUTH=false
+ fi
+ if [ -z "$GROUPER_SCIM_GROUPER_AUTH" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_SCIM_GROUPER_AUTH=false"
+ export GROUPER_SCIM_GROUPER_AUTH=false
+ fi
+ if [ -z "$GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES='127.0.0.1/32'"
+ export GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES='127.0.0.1/32'
+ fi
+ # GROUPER_AUTO_DDL_UPTOVERSION defaults to null
+ # GROUPER_START_DELAY_SECONDS defaults to null
+ if [ -z "$GROUPER_UI" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) GROUPER_UI=false"
+ export GROUPER_UI=false
+ fi
+ if [ -z "$GROUPER_SCIM" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_SCIM=false"
+ export GROUPER_SCIM=false
+ fi
+ if [ -z "$GROUPER_WS" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_WS=false"
+ export GROUPER_WS=false
+ fi
+ if [ -z "$GROUPER_DAEMON" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_DAEMON=false"
+ export GROUPER_DAEMON=false
+ fi
+ if [ -z "$GROUPER_USE_SSL" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_USE_SSL=true"
+ export GROUPER_USE_SSL=true
+ fi
+ if [ "$GROUPER_USE_SSL" = "true" ]; then
+ if [ -z "$GROUPER_SELF_SIGNED_CERT" ] && [ -z "$GROUPER_SSL_CERT_FILE" ] && [ ! -f /etc/pki/tls/certs/host-cert.pem ] ; then
+
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) GROUPER_SELF_SIGNED_CERT and GROUPER_SSL_CERT_FILE are not specified and /etc/pki/tls/certs/host-cert.pem does not exist, so: export GROUPER_SELF_SIGNED_CERT=true"
+ export GROUPER_SELF_SIGNED_CERT=true
+
+ fi
+ if [ "$GROUPER_SELF_SIGNED_CERT" = "true" ]; then
+
+ # default the cert path to self signed and no chain file
+ if [ -z "$GROUPER_SSL_CERT_FILE" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_SSL_CERT_FILE=/etc/pki/tls/certs/localhost.crt"
+ export GROUPER_SSL_CERT_FILE=/etc/pki/tls/certs/localhost.crt
+ fi
+ if [ -z "$GROUPER_SSL_KEY_FILE" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_SSL_KEY_FILE=/etc/pki/tls/private/localhost.key"
+ export GROUPER_SSL_KEY_FILE=/etc/pki/tls/private/localhost.key
+ fi
+ if [ -z "$GROUPER_SSL_CHAIN_FILE" ] && [ -z "$GROUPER_SSL_USE_CHAIN_FILE" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_SSL_USE_CHAIN_FILE=false"
+ export GROUPER_SSL_USE_CHAIN_FILE=false
+ fi
+
+ fi
+ # default the cert path
+ if [ -z "$GROUPER_SSL_CERT_FILE" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_SSL_CERT_FILE=/etc/pki/tls/certs/host-cert.pem"
+ export GROUPER_SSL_CERT_FILE=/etc/pki/tls/certs/host-cert.pem
+ fi
+ if [ -z "$GROUPER_SSL_KEY_FILE" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_SSL_KEY_FILE=/etc/pki/tls/private/host-key.pem"
+ export GROUPER_SSL_KEY_FILE=/etc/pki/tls/private/host-key.pem
+ fi
+ if [ -z "$GROUPER_SSL_CHAIN_FILE" ] ; then
+
+ if [ -f /etc/pki/tls/certs/cachain.pem ]; then
+
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_SSL_USE_CHAIN_FILE=true"
+ export GROUPER_SSL_USE_CHAIN_FILE=true
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_SSL_CHAIN_FILE=/etc/pki/tls/certs/cachain.pem"
+ export GROUPER_SSL_CHAIN_FILE=/etc/pki/tls/certs/cachain.pem
+ else
+
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_SSL_USE_CHAIN_FILE=false"
+ export GROUPER_SSL_USE_CHAIN_FILE=false
+
+ fi
+ fi
+ if [ -z "$GROUPER_SSL_USE_CHAIN_FILE" ] ; then
+
+ if [ -z "$GROUPER_SSL_CHAIN_FILE" ]; then
+
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_SSL_USE_CHAIN_FILE=false"
+ export GROUPER_SSL_USE_CHAIN_FILE=false
+
+ else
+
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_SSL_USE_CHAIN_FILE=true"
+ export GROUPER_SSL_USE_CHAIN_FILE=true
+
+ fi
+
+ fi
+ if [ -z "$GROUPER_SSL_USE_STAPLING" ] ; then
+
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_SSL_USE_STAPLING=true"
+ export GROUPER_SSL_USE_STAPLING=true
+
+ fi
+
+ fi
+ if [ -z "$GROUPER_WEBCLIENT_IS_SSL" ] ; then
+
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_WEBCLIENT_IS_SSL=true (browser or WS client is SSL)"
+ export GROUPER_WEBCLIENT_IS_SSL=true
+
+ fi
+
+ if [ -z "$GROUPER_RUN_PROCESSES_AS_USERS" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_RUN_PROCESSES_AS_USERS=true"
+ export GROUPER_RUN_PROCESSES_AS_USERS=true
+ fi
+
+ # do these before the "only" component
+ if [ -z "$GROUPER_URL_CONTEXT" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_URL_CONTEXT=grouper"
+ export GROUPER_URL_CONTEXT=grouper
+ fi
+ if [ -z "$GROUPERWS_URL_CONTEXT" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPERWS_URL_CONTEXT=grouper-ws"
+ export GROUPERWS_URL_CONTEXT=grouper-ws
+ fi
+ if [ -z "$GROUPERSCIM_URL_CONTEXT" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPERSCIM_URL_CONTEXT=grouper-ws-scim"
+ export GROUPERSCIM_URL_CONTEXT=grouper-ws-scim
+ fi
+ if [ -z "$GROUPER_APACHE_AJP_TIMEOUT_SECONDS" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_APACHE_AJP_TIMEOUT_SECONDS=3600"
+ export GROUPER_APACHE_AJP_TIMEOUT_SECONDS=3600
+ fi
+ if [ -z "$GROUPER_APACHE_SSL_PORT" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_APACHE_SSL_PORT=443"
+ export GROUPER_APACHE_SSL_PORT=443
+ fi
+ if [ -z "$GROUPER_APACHE_NONSSL_PORT" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_APACHE_NONSSL_PORT=80"
+ export GROUPER_APACHE_NONSSL_PORT=80
+ fi
+ if [ -z "$GROUPER_APACHE_DIRECTORY_INDEXES" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_APACHE_DIRECTORY_INDEXES=false"
+ export GROUPER_APACHE_DIRECTORY_INDEXES=false
+ fi
+
+ if [ -z "$GROUPER_GSH_CHECK_USER" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_GSH_CHECK_USER=true"
+ export GROUPER_GSH_CHECK_USER=true
+ fi
+ if [ -z "$GROUPER_GSH_USER" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_GSH_USER=tomcat"
+ export GROUPER_GSH_USER=tomcat
+ fi
+
+ if [ -z "$GROUPER_RUN_TOMCAT_NOT_SUPERVISOR" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_RUN_TOMCAT_NOT_SUPERVISOR=false"
+ export GROUPER_RUN_TOMCAT_NOT_SUPERVISOR=false
+ fi
+ if [ "$GROUPER_RUN_TOMCAT_NOT_SUPERVISOR" = "true" ]; then
+ # if we are not running supervisor then default to not chown dirs
+ if [ -z "$GROUPER_CHOWN_DIRS" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_CHOWN_DIRS=false"
+ export GROUPER_CHOWN_DIRS=false
+ fi
+ fi
+ if [ -z "$GROUPER_CHOWN_DIRS" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_CHOWN_DIRS=true"
+ export GROUPER_CHOWN_DIRS=true
+ fi
+ if [ -z "$GROUPER_TOMCAT_HTTP_PORT" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_TOMCAT_HTTP_PORT=8080"
+ export GROUPER_TOMCAT_HTTP_PORT=8080
+ fi
+ if [ -z "$GROUPER_TOMCAT_MAX_HEADER_COUNT" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_TOMCAT_MAX_HEADER_COUNT=200"
+ export GROUPER_TOMCAT_MAX_HEADER_COUNT=200
+ fi
+ if [ -z "$GROUPER_TOMCAT_AJP_PORT" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_TOMCAT_AJP_PORT=8009"
+ export GROUPER_TOMCAT_AJP_PORT=8009
+ fi
+ if [ -z "$GROUPER_TOMCAT_SHUTDOWN_PORT" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_TOMCAT_SHUTDOWN_PORT=8005"
+ export GROUPER_TOMCAT_SHUTDOWN_PORT=8005
+ fi
+
+ if [ -z "$GROUPER_SHIB_LOG_USE_PIPE" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_SHIB_LOG_USE_PIPE=true"
+ export GROUPER_SHIB_LOG_USE_PIPE=true
+ fi
+
+ if [ -z "$GROUPER_APACHE_STATUS_PATH" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_APACHE_STATUS_PATH=/status_grouper/status"
+ export GROUPER_APACHE_STATUS_PATH=/status_grouper/status
+ fi
+
+ if [ -z "$GROUPER_GSH_JVMARGS" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_GSH_JVMARGS=\"-Djavax.net.ssl.trustStore=/etc/pki/java/cacerts\""
+ export GROUPER_GSH_JVMARGS="-Djavax.net.ssl.trustStore=/etc/pki/java/cacerts"
+ fi
+
+ #Replace web.xml session timeout with env variable
+ if [[ -z "$GROUPER_TOMCAT_SESSION_TIMEOUT_MINUTES" ]]; then
+ if [[ "$GROUPER_UI" != 'true' ]] && [[ "$GROUPER_WS" = 'true' ]]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) $ GROUPER_TOMCAT_SESSION_TIMEOUT_MINUTES is not set, export GROUPER_TOMCAT_SESSION_TIMEOUT_MINUTES=1"
+ export GROUPER_TOMCAT_SESSION_TIMEOUT_MINUTES=1
+ else
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) $ GROUPER_TOMCAT_SESSION_TIMEOUT_MINUTES is not set, export GROUPER_TOMCAT_SESSION_TIMEOUT_MINUTES=600 (10 hours)"
+ export GROUPER_TOMCAT_SESSION_TIMEOUT_MINUTES=600
+
+ fi
+ fi
+}
+
+prep_finishEnd() {
+
+ # defaults after the "only" part
+ if [ -z "$GROUPER_TOMCAT_CONTEXT" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishEnd) export GROUPER_TOMCAT_CONTEXT=grouper"
+ export GROUPER_TOMCAT_CONTEXT=grouper
+ fi
+ if [ -z "$GROUPER_LOG_PREFIX" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishEnd) export GROUPER_LOG_PREFIX=grouper"
+ export GROUPER_LOG_PREFIX=grouper
+ fi
+ if [ -z "$GROUPER_MAX_MEMORY" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishEnd) export GROUPER_MAX_MEMORY=1500m"
+ export GROUPER_MAX_MEMORY=1500m
+ fi
+ if [ -z "$GROUPER_CONTEXT_COOKIES" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishEnd) export GROUPER_CONTEXT_COOKIES=true"
+ export GROUPER_CONTEXT_COOKIES=true
+ fi
+ if [ -z "$GROUPER_PUT_JAVA_HOME_IN_BASHRC" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishEnd) export GROUPER_PUT_JAVA_HOME_IN_BASHRC=true"
+ export GROUPER_PUT_JAVA_HOME_IN_BASHRC=true
+ fi
+ if [ -z "$GROUPER_JAVA_HOME" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishEnd) export GROUPER_JAVA_HOME=/usr/lib/jvm/java-1.8.0-amazon-corretto"
+ export GROUPER_JAVA_HOME=/usr/lib/jvm/java-1.8.0-amazon-corretto
+ fi
+ if [ -z "$GROUPER_TOMCAT_LOG_ACCESS" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishEnd) export GROUPER_TOMCAT_LOG_ACCESS=false"
+ export GROUPER_TOMCAT_LOG_ACCESS=false
+ fi
+ if [ "$GROUPER_RUN_SHIB_SP" = "true" ] && [ -z "$GROUPERUI_LOGOUT_REDIRECTTOURL" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishEnd) export GROUPERUI_LOGOUT_REDIRECTTOURL=/Shibboleth.sso/Logout"
+ export GROUPERUI_LOGOUT_REDIRECTTOURL=/Shibboleth.sso/Logout
+ fi
+ if [ -z "$GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER" ]; then
+ if [ "$GROUPER_PROXY_PASS" = "#" ]; then
+
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishEnd) export GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER=false"
+ export GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER=false
+ else
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishEnd) export GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER=true"
+ export GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER=true
+
+ fi
+
+ fi
+
+}
+
+prep_finish() {
+
+ if [ "$GROUPER_SETUP_FILES_COMPLETE" = "true" ]
+ then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finish) GROUPER_SETUP_FILES_COMPLETE=true, skipping startup prep"
+ prep_unsetAllAndFromFiles
+
+ return
+ fi
+
+ grouperScriptHooks_prepComponentPost
+
+ prep_finishBegin
+
+ prepOnly
+
+ prep_runScim
+ prep_runUi
+ prep_runWs
+
+ prep_finishEnd
+
+ grouperScriptHooks_finishPrepPost
+
+ prep_unsetAllAndFromFiles
+ echo "grouperContainer; INFO: (libraryPrep.sh-prep_finish) End prep"
+}
+
+prep_unsetAllAndFromFiles() {
+ prep_unsetAll
+ prepOnly_unsetAll
+}
+
+prep_unsetAll() {
+ unset -f prep_conf
+ unset -f prep_daemon
+ unset -f prep_finish
+ unset -f prep_finishBegin
+ unset -f prep_finishEnd
+ unset -f prep_initDeprecatedEnvVars
+ unset -f prep_openshift
+ unset -f prep_quickstart
+ unset -f prep_runScim
+ unset -f prep_runUi
+ unset -f prep_runWs
+ unset -f prep_scim
+ unset -f prep_unsetAll
+ unset -f prep_unsetAllAndFromFiles
+ unset -f prep_ui
+ unset -f prep_ws
+
+}
+
+prep_exportAll() {
+ export -f prep_conf
+ export -f prep_daemon
+ export -f prep_finish
+ export -f prep_finishBegin
+ export -f prep_finishEnd
+ export -f prep_initDeprecatedEnvVars
+ export -f prep_openshift
+ export -f prep_quickstart
+ export -f prep_runScim
+ export -f prep_runUi
+ export -f prep_runWs
+ export -f prep_scim
+ export -f prep_unsetAll
+ export -f prep_unsetAllAndFromFiles
+ export -f prep_ui
+ export -f prep_ws
+}
+
+# export everything
+prep_exportAll
+
diff --git a/container_files/usr-local-bin/libraryPrepOnly.sh b/container_files/usr-local-bin/libraryPrepOnly.sh
new file mode 100644
index 00000000..79ec4f44
--- /dev/null
+++ b/container_files/usr-local-bin/libraryPrepOnly.sh
@@ -0,0 +1,129 @@
+#!/bin/bash
+
+prepOnly_component() {
+ if [ "$GROUPER_WS" = "true" ] && [ "$GROUPER_UI" != "true" ] && [ "$GROUPER_SCIM" != "true" ] && [ "$GROUPER_DAEMON" != "true" ]
+ then
+ if [ -z "$GROUPER_WS_ONLY" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prepOnly_component) export GROUPER_WS_ONLY=true"
+ export GROUPER_WS_ONLY=true
+ fi
+ fi
+
+ if [ "$GROUPER_WS" != "true" ] && [ "$GROUPER_UI" != "true" ] && [ "$GROUPER_SCIM" = "true" ] && [ "$GROUPER_DAEMON" != "true" ]
+ then
+ if [ -z "$GROUPER_SCIM_ONLY" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prepOnly_component) export GROUPER_SCIM_ONLY=true"
+ export GROUPER_SCIM_ONLY=true
+ fi
+ fi
+
+ if [ "$GROUPER_WS" != "true" ] && [ "$GROUPER_UI" = "true" ] && [ "$GROUPER_SCIM" != "true" ] && [ "$GROUPER_DAEMON" != "true" ]
+ then
+ if [ -z "$GROUPER_UI_ONLY" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prepOnly_component) export GROUPER_UI_ONLY=true"
+ export GROUPER_UI_ONLY=true
+ fi
+ fi
+
+ if [ "$GROUPER_WS" != "true" ] && [ "$GROUPER_UI" != "true" ] && [ "$GROUPER_SCIM" != "true" ] && [ "$GROUPER_DAEMON" = "true" ]
+ then
+ if [ -z "$GROUPER_DAEMON_ONLY" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prepOnly_component) export GROUPER_DAEMON_ONLY=true"
+ export GROUPER_DAEMON_ONLY=true
+ fi
+ fi
+}
+
+prepOnly_ui() {
+ if [ "$GROUPER_UI_ONLY" = "true" ]
+ then
+ if [ -z "$GROUPER_LOG_PREFIX" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prepOnly_ui) export GROUPER_LOG_PREFIX=grouper-ui"
+ export GROUPER_LOG_PREFIX=grouper-ui
+ fi
+ fi
+}
+
+prepOnly_ws() {
+ if [ "$GROUPER_WS_ONLY" = "true" ]
+ then
+ if [ -z "$GROUPER_LOG_PREFIX" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prepOnly_ui) export GROUPER_LOG_PREFIX=grouper-ws"
+ export GROUPER_LOG_PREFIX=grouper-ws
+ fi
+ if [ -z "$GROUPER_CONTEXT_COOKIES" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prepOnly_ui) export GROUPER_CONTEXT_COOKIES=false"
+ export GROUPER_CONTEXT_COOKIES=false
+ fi
+ # default to whatever ws context is
+ if [ -z "$GROUPER_TOMCAT_CONTEXT" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prepOnly_ui) GROUPER_TOMCAT_CONTEXT=$GROUPERWS_URL_CONTEXT"
+ export GROUPER_TOMCAT_CONTEXT="$GROUPERWS_URL_CONTEXT"
+ fi
+ fi
+}
+
+prepOnly_scim() {
+ if [ "$GROUPER_SCIM_ONLY" = "true" ]
+ then
+ if [ -z "$GROUPER_LOG_PREFIX" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prepOnly_scim) GROUPER_LOG_PREFIX=grouper-scim"
+ export GROUPER_LOG_PREFIX=grouper-scim
+ fi
+ if [ -z "$GROUPER_CONTEXT_COOKIES" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prepOnly_scim) GROUPER_CONTEXT_COOKIES=false"
+ export GROUPER_CONTEXT_COOKIES=false
+ fi
+ # default to whatever scim context is
+ if [ -z "$GROUPER_TOMCAT_CONTEXT" ] ; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prepOnly_scim) GROUPER_TOMCAT_CONTEXT=$GROUPERSCIM_URL_CONTEXT"
+ export GROUPER_TOMCAT_CONTEXT="$GROUPERSCIM_URL_CONTEXT"
+ fi
+ fi
+}
+
+prepOnly_daemon() {
+ if [ "$GROUPER_DAEMON_ONLY" = "true" ]
+ then
+ if [ -z "$GROUPER_LOG_PREFIX" ]; then
+ echo "grouperContainer; INFO: (libraryPrep.sh-prepOnly_daemon) GROUPER_LOG_PREFIX=grouper-daemon"
+ export GROUPER_LOG_PREFIX=grouper-daemon
+ fi
+ fi
+}
+
+prepOnly() {
+ prepOnly_component
+
+ prepOnly_ws
+
+ prepOnly_scim
+
+ prepOnly_ui
+
+ prepOnly_daemon
+
+}
+
+prepOnly_unsetAll() {
+ unset -f prepOnly
+ unset -f prepOnly_component
+ unset -f prepOnly_daemon
+ unset -f prepOnly_scim
+ unset -f prepOnly_ui
+ unset -f prepOnly_unsetAll
+ unset -f prepOnly_ws
+}
+
+prepOnly_exportAll() {
+ export -f prepOnly
+ export -f prepOnly_component
+ export -f prepOnly_daemon
+ export -f prepOnly_scim
+ export -f prepOnly_ui
+ export -f prepOnly_unsetAll
+ export -f prepOnly_ws
+}
+
+# export everything
+prepOnly_exportAll
\ No newline at end of file
diff --git a/container_files/usr-local-bin/libraryRunCommand.sh b/container_files/usr-local-bin/libraryRunCommand.sh
new file mode 100644
index 00000000..d859e088
--- /dev/null
+++ b/container_files/usr-local-bin/libraryRunCommand.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+runCommand() {
+
+ echo "grouperContainer; INFO: (libraryRunCommand.sh-runCommand) Start setting up remaining pipes"
+ setupPipe_httpdLog
+ setupPipe_shibdLog
+ setupPipe_tomcatLog
+ setupPipe_tomcatAccessLog
+ echo "grouperContainer; INFO: (libraryRunCommand.sh-runCommand) End setting up remainder pipes"
+
+ runCommand_unsetAll
+
+ if [ "$GROUPER_RUN_TOMCAT_NOT_SUPERVISOR" = "true" ]
+ then
+ echo "grouperContainer; INFO: (libraryRunCommand.sh-runCommand) Starting tomcat not supervisor"
+ /opt/tomee/bin/catalina.sh run
+ else
+ echo "grouperContainer; INFO: (libraryRunCommand.sh-runCommand) Starting supervisor"
+ exec /usr/bin/supervisord -c /opt/tier-support/supervisord.conf
+ fi
+
+}
+
+runCommand_unsetAll() {
+ setupPipe_unsetAll
+ unset -f runCommand
+ unset -f runCommand_unsetAll
+}
+
+runCommand_exportAll() {
+ export -f runCommand
+ export -f runCommand_unsetAll
+
+}
+
+# export everything
+runCommand_exportAll
+
diff --git a/container_files/usr-local-bin/librarySetupFiles.sh b/container_files/usr-local-bin/librarySetupFiles.sh
new file mode 100644
index 00000000..3e9581ba
--- /dev/null
+++ b/container_files/usr-local-bin/librarySetupFiles.sh
@@ -0,0 +1,403 @@
+#!/bin/bash
+
+setupFiles_linkGrouperSecrets() {
+ for filepath in /run/secrets/*; do
+ local label_file=`basename $filepath`
+ local file=$(echo $label_file| cut -d'_' -f 2)
+
+ if [[ $label_file == grouper_* ]]; then
+ ln -sf /run/secrets/$label_file /opt/grouper/grouperWebapp/WEB-INF/classes/$file
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_linkGrouperSecrets) ln -sf /run/secrets/$label_file /opt/grouper/grouperWebapp/WEB-INF/classes/$file, result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ elif [[ $label_file == shib_* ]]; then
+ ln -sf /run/secrets/$label_file /etc/shibboleth/$file
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_linkGrouperSecrets) ln -sf /run/secrets/$label_file /etc/shibboleth/$file, result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ elif [[ $label_file == httpd_* ]]; then
+ ln -sf /run/secrets/$label_file /etc/httpd/conf.d/$file
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_linkGrouperSecrets) ln -sf /run/secrets/$label_file /etc/httpd/conf.d/$file, result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ elif [ "$label_file" == "host-key.pem" ]; then
+ ln -sf /run/secrets/host-key.pem /etc/pki/tls/private/host-key.pem
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_linkGrouperSecrets) ln -sf /run/secrets/host-key.pem /etc/pki/tls/private/host-key.pem, result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+ done
+}
+
+setupFiles_rsyncSlashRoot() {
+ if [ -d "/opt/grouper/slashRoot" ]; then
+ # Copy any files into the root filesystem
+ rsync -l -r -v /opt/grouper/slashRoot/ /
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_rsyncSlashRoot) rsync -l -r -v /opt/grouper/slashRoot/ /, result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+}
+
+setupFiles_localLogging() {
+ if [ "$GROUPER_LOG_TO_HOST" = "true" ]; then
+ sed -i "s|__FILE__||g" /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_localLogging) sed -i \"s|__FILE__||g\" /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml, result: $?"
+ else
+ sed -i "s|__LOGPIPE__||g" /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_localLogging) sed -i \"s|__LOGPIPE__||g\" /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml, result: $?"
+ fi
+
+ if [ -f /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.additionalLoggers.xml.txt ]; then
+ additionalLoggersFile=`cat /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.additionalLoggers.xml.txt`
+ # replace quote, but then double escape the result for some reason. this replaces quote with slash quote
+ additionalLoggersFile="$(sed s/\"/\\\\\\\"/g <<<$additionalLoggersFile)"
+ sed -i "s|<!--MORELOGGERS-->|$additionalLoggersFile|g" /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_localLogging) sed -i \"s|<!--MORELOGGERS-->|$additionalLoggersFile|g\" /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml, result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+
+ if [ -f /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.additionalAppenders.xml.txt ]; then
+ additionalAppendersFile=`cat /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.additionalAppenders.xml.txt`
+ # replace quote, but then double escape the result for some reason. this replaces quote with slash quote
+ additionalAppendersFile="$(sed s/\"/\\\\\\\"/g <<<$additionalAppendersFile)"
+ sed -i "s|<!--MOREAPPENDERS-->|$additionalAppendersFile|g" /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_localLogging) sed -i \"s|<!--MOREAPPENDERS-->|$additionalAppendersFile|g\" /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml, result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+
+}
+
+setupFiles_loggingPrefix() {
+ sed -i "s|__GROUPER_LOG_PREFIX__|$GROUPER_LOG_PREFIX|g" /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_loggingPrefix) Changing log prefix to $GROUPER_LOG_PREFIX in log4j2.xml, result: $?"
+
+ cp /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml /opt/tomee/conf/log4j2.xml
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_loggingPrefix) cp /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml /opt/tomee/conf/log4j2.xml, result: $?"
+}
+
+setupFiles_chownDirs() {
+ # do this last
+ if [ "$GROUPER_CHOWN_DIRS" = "true" ]
+ then
+ chown tomcat:root /opt/grouper /opt/tomee
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_chownDirs) chown tomcat:root /opt/grouper /opt/tomee, result: $returnCode"
+
+ chown -R tomcat:root $(find /opt/grouper /opt/tomee ! -user tomcat -o ! -group root -print)
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_chownDirs) chown -R tomcat:root \$(find /opt/grouper /opt/tomee ! -user tomcat -o ! -group root -print), result: $returnCode"
+ # dont fail on chown
+ #if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+}
+
+setupFiles_storeEnvVars() {
+
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_storeEnvVars) Start store env vars in /opt/grouper/grouperEnv.sh"
+
+ echo "#!/bin/sh" > /opt/grouper/grouperEnv.sh
+ echo "" >> /opt/grouper/grouperEnv.sh
+
+ # go through env vars, should start with GROUPER*; this handles quoting but not multiline
+ export -p | grep "^declare -x GROUPER" | sort >> /opt/grouper/grouperEnv.sh
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_storeEnvVars) export -p | grep \"^declare -x GROUPER\" | sort >> /opt/grouper/grouperEnv.sh, result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+ # declare -x exports to the current and child processes, but not globally to the procid=1 process; `export` works, as well as `declare -x -g`
+ sed -i "s|^declare -x |export |" /opt/grouper/grouperEnv.sh
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_storeEnvVars) sed -i \"s|^declare -x |export |\" /opt/grouper/grouperEnv.sh, result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+ echo "" >> /opt/grouper/grouperEnv.sh
+
+ echo "export JAVA_HOME=$GROUPER_JAVA_HOME" >> /opt/grouper/grouperEnv.sh
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_storeEnvVars) echo \"export JAVA_HOME=$GROUPER_JAVA_HOME\" >> /opt/grouper/grouperEnv.sh, result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+ if [ ! -f /home/tomcat/.bashrc ]
+ then
+ echo "grouperContainer; ERROR: (librarySetupFiles.sh-setupFiles_storeEnvVars) Why doesnt /home/tomcat/.bashrc exist????"
+ exit 1
+ fi
+ if ! grep -q grouperEnv /home/tomcat/.bashrc
+ then
+ echo "" >> /home/tomcat/.bashrc
+ echo ". /opt/grouper/grouperEnv.sh" >> /home/tomcat/.bashrc
+ echo "" >> /home/tomcat/.bashrc
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_storeEnvVars) echo \". /opt/grouper/grouperEnv.sh\" >> /home/tomcat/.bashrc , result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+
+ # if we own this file (i.e. running as root)
+ if [[ -O "/etc/bashrc" ]]; then
+ # we need these global
+ if [ ! -f /etc/bashrc ]
+ then
+ echo "grouperContainer; ERROR: (librarySetupFiles.sh-setupFiles_storeEnvVars) Why doesnt /etc/bashrc exist????"
+ exit 1
+ fi
+ if ! grep -q GROUPER_GSH_CHECK_USER /etc/bashrc
+ then
+ echo "" >> /etc/bashrc
+ echo "export GROUPER_GSH_CHECK_USER=$GROUPER_GSH_CHECK_USER" >> /etc/bashrc
+ echo "export GROUPER_GSH_USER=$GROUPER_GSH_USER" >> /etc/bashrc
+ if [ "$GROUPER_PUT_JAVA_HOME_IN_BASHRC" = "true" ]; then
+ echo "export JAVA_HOME=$GROUPER_JAVA_HOME" >> /etc/bashrc
+ echo "export PATH=$GROUPER_JAVA_HOME/bin:\$PATH" >> /etc/bashrc
+ fi
+ echo "" >> /etc/bashrc
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_storeEnvVars) echo env var script to /etc/bashrc, result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+ fi
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_storeEnvVars) End store env vars in /opt/grouper/grouperEnv.sh"
+}
+
+setupFiles_originalFile() {
+ fullPath=$1
+ fileName="$(basename $fullPath)"
+ originalFilePath="/opt/tier-support/originalFiles/$fileName"
+ if [ -f "$fullPath" ]; then
+ if [ -f "$originalFilePath" ]; then
+ if cmp "$fullPath" "$originalFilePath" >/dev/null 2>&1
+ then
+ # true, same
+ return 0
+ else
+ # false, different
+ return 1
+ fi
+ else
+ # false, different
+ return 1
+ fi
+ fi
+ # didnt exist and still doesnt... same?
+ return 0
+}
+
+
+setupFiles_analyzeOriginalFiles() {
+
+ setupFiles_originalFile /opt/tomee/conf/Catalina/localhost/grouper.xml
+ original_file=$?
+ if [ -z "$GROUPER_ORIGFILE_GROUPER_XML" ] && [[ $original_file -eq 0 ]]
+ then
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_analyzeOriginalFiles) export GROUPER_ORIGFILE_GROUPER_XML=true"
+ export GROUPER_ORIGFILE_GROUPER_XML=true
+ fi
+ if [ -z "$GROUPER_ORIGFILE_GROUPER_XML" ] ; then
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_analyzeOriginalFiles) export GROUPER_ORIGFILE_GROUPER_XML=false"
+ export GROUPER_ORIGFILE_GROUPER_XML=false
+ fi
+
+ setupFiles_originalFile /opt/tomee/conf/server.xml
+ original_file=$?
+ if [ -z "$GROUPER_ORIGFILE_SERVER_XML" ] && [[ $original_file -eq 0 ]]
+ then
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_analyzeOriginalFiles) export GROUPER_ORIGFILE_SERVER_XML=true"
+ export GROUPER_ORIGFILE_SERVER_XML=true
+ fi
+ if [ -z "$GROUPER_ORIGFILE_SERVER_XML" ] ; then
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_analyzeOriginalFiles) export GROUPER_ORIGFILE_SERVER_XML=false"
+ export GROUPER_ORIGFILE_SERVER_XML=false
+ fi
+
+ setupFiles_originalFile /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml
+ original_file=$?
+ if [ -z "$GROUPER_ORIGFILE_LOG4J_PROPERTIES" ] && [[ $original_file -eq 0 ]]
+ then
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_analyzeOriginalFiles) export GROUPER_ORIGFILE_LOG4J_PROPERTIES=true"
+ export GROUPER_ORIGFILE_LOG4J_PROPERTIES=true
+ fi
+ if [ -z "$GROUPER_ORIGFILE_LOG4J_PROPERTIES" ] ; then
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_analyzeOriginalFiles) export GROUPER_ORIGFILE_LOG4J_PROPERTIES=false"
+ export GROUPER_ORIGFILE_LOG4J_PROPERTIES=false
+ fi
+
+ setupFiles_originalFile /etc/httpd/conf/httpd.conf
+ original_file=$?
+ if [ -z "$GROUPER_ORIGFILE_HTTPD_CONF" ] && [[ $original_file -eq 0 ]]
+ then
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_analyzeOriginalFiles) export GROUPER_ORIGFILE_HTTPD_CONF=true"
+ export GROUPER_ORIGFILE_HTTPD_CONF=true
+ fi
+ if [ -z "$GROUPER_ORIGFILE_HTTPD_CONF" ] ; then
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_analyzeOriginalFiles) export GROUPER_ORIGFILE_HTTPD_CONF=false"
+ export GROUPER_ORIGFILE_HTTPD_CONF=false
+ fi
+
+ setupFiles_originalFile /etc/httpd/conf.d/ssl-enabled.conf
+ original_file=$?
+ if [ -z "$GROUPER_ORIGFILE_SSL_ENABLED_CONF" ] && [[ $original_file -eq 0 ]]
+ then
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_analyzeOriginalFiles) export GROUPER_ORIGFILE_SSL_ENABLED_CONF=true"
+ export GROUPER_ORIGFILE_SSL_ENABLED_CONF=true
+ fi
+ if [ -z "$GROUPER_ORIGFILE_SSL_ENABLED_CONF" ] ; then
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_analyzeOriginalFiles) export GROUPER_ORIGFILE_SSL_ENABLED_CONF=false"
+ export GROUPER_ORIGFILE_SSL_ENABLED_CONF=false
+ fi
+
+ setupFiles_originalFile /etc/httpd/conf.d/httpd-shib.conf
+ original_file=$?
+ if [ -z "$GROUPER_ORIGFILE_HTTPD_SHIB_CONF" ] && [[ $original_file -eq 0 ]]
+ then
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_analyzeOriginalFiles) export GROUPER_ORIGFILE_HTTPD_SHIB_CONF=true"
+ export GROUPER_ORIGFILE_HTTPD_SHIB_CONF=true
+ fi
+ if [ -z "$GROUPER_ORIGFILE_HTTPD_SHIB_CONF" ] ; then
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_analyzeOriginalFiles) export GROUPER_ORIGFILE_HTTPD_SHIB_CONF=false"
+ export GROUPER_ORIGFILE_HTTPD_SHIB_CONF=false
+ fi
+
+ setupFiles_originalFile /etc/httpd/conf.d/shib.conf
+ original_file=$?
+ if [ -z "$GROUPER_ORIGFILE_SHIB_CONF" ] && [[ $original_file -eq 0 ]]
+ then
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_analyzeOriginalFiles) export GROUPER_ORIGFILE_SHIB_CONF=true"
+ export GROUPER_ORIGFILE_SHIB_CONF=true
+ fi
+ if [ -z "$GROUPER_ORIGFILE_SHIB_CONF" ] ; then
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_analyzeOriginalFiles) export GROUPER_ORIGFILE_SHIB_CONF=false"
+ export GROUPER_ORIGFILE_SHIB_CONF=false
+ fi
+
+ setupFiles_originalFile /opt/tomee/conf/Catalina/localhost/grouper.xml
+ original_file=$?
+ if [ -z "$GROUPER_ORIGFILE_GROUPER_XML" ] && [[ $original_file -eq 0 ]]
+ then
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_analyzeOriginalFiles) export GROUPER_ORIGFILE_GROUPER_XML=true"
+ export GROUPER_ORIGFILE_GROUPER_XML=true
+ fi
+ if [ -z "$GROUPER_ORIGFILE_GROUPER_XML" ] ; then
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_analyzeOriginalFiles) export GROUPER_ORIGFILE_GROUPER_XML=false"
+ export GROUPER_ORIGFILE_GROUPER_XML=false
+ fi
+
+ setupFiles_originalFile /opt/grouper/grouperWebapp/WEB-INF/web.xml
+ original_file=$?
+ if [ -z "$GROUPER_ORIGFILE_WEBAPP_WEB_XML" ] && [[ $original_file -eq 0 ]]
+ then
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_analyzeOriginalFiles) export GROUPER_ORIGFILE_WEBAPP_WEB_XML=true"
+ export GROUPER_ORIGFILE_WEBAPP_WEB_XML=true
+ fi
+ if [ -z "$GROUPER_ORIGFILE_WEBAPP_WEB_XML" ] ; then
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_analyzeOriginalFiles) export GROUPER_ORIGFILE_WEBAPP_WEB_XML=false"
+ export GROUPER_ORIGFILE_WEBAPP_WEB_XML=false
+ fi
+
+}
+
+setupFiles_removePids() {
+ if [ "$GROUPER_RUN_APACHE" = "true" ] && [ -f /run/httpd/httpd.pid ]; then
+ rm -f /run/httpd/httpd.pid
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_removePids) rm -f /run/httpd/httpd.pid , result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+}
+
+setupFiles() {
+
+ setupFiles_removePids
+
+ if [ "$GROUPER_SETUP_FILES_COMPLETE" = "true" ]
+ then
+ echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles) GROUPER_SETUP_FILES_COMPLETE=true, skipping setting up files (including not syncing slashRoot again)"
+ setupFiles_unsetAllAndFromFiles
+ return
+ fi
+
+ setupFiles_rsyncSlashRoot
+
+ setupFiles_analyzeOriginalFiles
+
+ # do this first
+ setupFiles_storeEnvVars
+
+ setupFiles_linkGrouperSecrets
+
+ # this needs to be first
+ setupFilesForProcess_supervisor
+
+ setupFilesApache
+
+ setupFilesTomcat
+
+ setupFilesForProcess
+
+ # this needs to be last
+ setupFilesForProcess_supervisorFinal
+
+ setupFilesForComponent
+
+ setupFiles_localLogging
+
+ setupFiles_loggingPrefix
+
+ grouperScriptHooks_setupFilesPost
+
+ # do this last
+ setupFiles_chownDirs
+
+ grouperScriptHooks_setupFilesPostChown
+
+ export GROUPER_SETUP_FILES_COMPLETE=true
+ echo 'export GROUPER_SETUP_FILES_COMPLETE=true' >> /opt/grouper/grouperEnv.sh
+
+ setupFiles_unsetAllAndFromFiles
+}
+
+setupFiles_unsetAllAndFromFiles() {
+ setupFiles_unsetAll
+ setupFilesApache_unsetAll
+ setupFilesForComponent_unsetAll
+ setupFilesForProcess_unsetAll
+ setupFilesTomcat_unsetAll
+ grouperScriptHooks_unsetAll
+}
+
+
+setupFiles_unsetAll() {
+ unset -f setupFiles
+ unset -f setupFiles_analyzeOriginalFiles
+ unset -f setupFiles_chownDirs
+ unset -f setupFiles_linkGrouperSecrets
+ unset -f setupFiles_localLogging
+ unset -f setupFiles_loggingPrefix
+ unset -f setupFiles_originalFile
+ unset -f setupFiles_removePids
+ unset -f setupFiles_rsyncSlashRoot
+ unset -f setupFiles_storeEnvVars
+ unset -f setupFiles_unsetAll
+ unset -f setupFiles_unsetAllAndFromFiles
+}
+
+setupFiles_exportAll() {
+ export -f setupFiles
+ export -f setupFiles_analyzeOriginalFiles
+ export -f setupFiles_chownDirs
+ export -f setupFiles_linkGrouperSecrets
+ export -f setupFiles_localLogging
+ export -f setupFiles_loggingPrefix
+ export -f setupFiles_originalFile
+ export -f setupFiles_removePids
+ export -f setupFiles_rsyncSlashRoot
+ export -f setupFiles_storeEnvVars
+ export -f setupFiles_unsetAll
+ export -f setupFiles_unsetAllAndFromFiles
+}
+
+# export everything
+setupFiles_exportAll
+
+
diff --git a/container_files/usr-local-bin/librarySetupFilesApache.sh b/container_files/usr-local-bin/librarySetupFilesApache.sh
new file mode 100644
index 00000000..bd64adba
--- /dev/null
+++ b/container_files/usr-local-bin/librarySetupFilesApache.sh
@@ -0,0 +1,222 @@
+#!/bin/bash
+
+setupFilesApache_indexes() {
+ if [ "$GROUPER_RUN_APACHE" = "true" ] && [ "$GROUPER_APACHE_DIRECTORY_INDEXES" = "false" ]
+ then
+ if [ "$GROUPER_ORIGFILE_HTTPD_CONF" = "true" ]; then
+ # take out the directory indexes from the docroot
+ cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.pre_noindexes
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_indexes) cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.pre_noindexes, result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+ patch /etc/httpd/conf/httpd.conf /etc/httpd/conf.d/httpd.conf.noindexes.patch
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_indexes) Patch httpd.conf to turn off indexes 'patch /etc/httpd/conf/httpd.conf /etc/httpd/conf.d/httpd.conf.noindexes.patch' result=$returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ else
+ echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_indexes) /etc/httpd/conf/httpd.conf is not the original file so will not be changed"
+ fi
+ fi
+
+}
+
+setupFilesApache_ssl() {
+ if [ "$GROUPER_RUN_APACHE" = "true" ] && [ "$GROUPER_USE_SSL" != "true" ]
+ then
+ if [ -f /etc/httpd/conf.d/ssl.conf ]
+ then
+ mv /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.dontuse
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_ssl) mv /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.dontuse , result: $?"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+ if [ -f /etc/httpd/conf.d/ssl-enabled.conf ]
+ then
+ mv -v /etc/httpd/conf.d/ssl-enabled.conf /etc/httpd/conf.d/ssl-enabled.conf.dontuse
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_ssl) mv -v /etc/httpd/conf.d/ssl-enabled.conf /etc/httpd/conf.d/ssl-enabled.conf.dontuse , result: $?"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+ fi
+ if [ "$GROUPER_RUN_APACHE" = "true" ] && [ "$GROUPER_USE_SSL" = "true" ] && [ -f /etc/httpd/conf.d/ssl-enabled.conf ] && [ "$GROUPER_ORIGFILE_SSL_ENABLED_CONF" = "true" ] ; then
+
+ if [ "$GROUPER_SSL_USE_STAPLING" = "true" ]; then
+ sed -i "s|__GROUPER_SSL_USE_STAPLING__|on|g" /etc/httpd/conf.d/ssl-enabled.conf
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_ports) sed -i \"s|__GROUPER_SSL_USE_STAPLING__|on|g\" /etc/httpd/conf.d/ssl-enabled.conf , result: $?"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ else
+ sed -i "s|__GROUPER_SSL_USE_STAPLING__|off|g" /etc/httpd/conf.d/ssl-enabled.conf
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_ports) sed -i \"s|__GROUPER_SSL_USE_STAPLING__|on|g\" /etc/httpd/conf.d/ssl-enabled.conf , result: $?"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+ fi
+
+ sed -i "s|__GROUPER_SSL_CERT_FILE__|$GROUPER_SSL_CERT_FILE|g" /etc/httpd/conf.d/ssl-enabled.conf
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_ports) Set cert file: sed -i \"s|SSLCertificateChainFile __GROUPER_SSL_CERT_FILE__|$GROUPER_SSL_CERT_FILE|g\" /etc/httpd/conf.d/ssl-enabled.conf , result: $?"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+ sed -i "s|__GROUPER_SSL_KEY_FILE__|$GROUPER_SSL_KEY_FILE|g" /etc/httpd/conf.d/ssl-enabled.conf
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_ports) Set cert file: sed -i \"s|SSLCertificateChainFile __GROUPER_SSL_KEY_FILE__|$GROUPER_SSL_KEY_FILE|g\" /etc/httpd/conf.d/ssl-enabled.conf , result: $?"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+ if [ "$GROUPER_SSL_USE_CHAIN_FILE" = "true" ]; then
+
+ sed -i "s|__GROUPER_SSL_CHAIN_FILE__|$GROUPER_SSL_CHAIN_FILE|g" /etc/httpd/conf.d/ssl-enabled.conf
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_ports) No chain setting: sed -i \"s|SSLCertificateChainFile __GROUPER_SSL_CHAIN_FILE__|$GROUPER_SSL_CHAIN_FILE|g\" /etc/httpd/conf.d/ssl-enabled.conf , result: $?"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+
+ else
+ sed -i "s|SSLCertificateChainFile __GROUPER_SSL_CHAIN_FILE__||g" /etc/httpd/conf.d/ssl-enabled.conf
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_ports) No chain setting: sed -i \"s|SSLCertificateChainFile __GROUPER_SSL_CHAIN_FILE__||g\" /etc/httpd/conf.d/ssl-enabled.conf , result: $?"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+ fi
+
+ fi
+}
+
+
+
+setupFilesApache_serverName() {
+ if [ "$GROUPER_RUN_APACHE" = "true" ] && [ ! -z "$GROUPER_APACHE_SERVER_NAME" ] && [ "$GROUPER_APACHE_SERVER_NAME" != "" ] && [ -f /etc/httpd/conf.d/grouper-www.conf ]
+ then
+ echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_serverName) Appending ServerName to grouper-www.conf"
+ echo >> /etc/httpd/conf.d/grouper-www.conf
+ echo "ServerName $GROUPER_APACHE_SERVER_NAME" >> /etc/httpd/conf.d/grouper-www.conf
+ echo "UseCanonicalName On" >> /etc/httpd/conf.d/grouper-www.conf
+ echo >> /etc/httpd/conf.d/grouper-www.conf
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_serverName) Setup ServerName $GROUPER_APACHE_SERVER_NAME in /etc/httpd/conf.d/grouper-www.conf , result: $?"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+
+}
+
+setupFilesApache_remoteip() {
+ if [ "$GROUPER_RUN_APACHE" = "true" ] && [ ! -z "$GROUPER_APACHE_REMOTE_IP_HEADER" ] && [ "$GROUPER_APACHE_REMOTE_IP_HEADER" != "" ] && [ -f /etc/httpd/conf.d/grouper-www.conf ]
+ then
+ echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_remoteip) Appending RemoteIPHeader to grouper-www.conf"
+ echo >> /etc/httpd/conf.d/grouper-www.conf
+ echo "RemoteIPHeader $GROUPER_APACHE_REMOTE_IP_HEADER" >> /etc/httpd/conf.d/grouper-www.conf
+ returnCode=$?
+ echo >> /etc/httpd/conf.d/grouper-www.conf
+ echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_remoteip) echo \"RemoteIPHeader $GROUPER_APACHE_REMOTE_IP_HEADER\" >> /etc/httpd/conf.d/grouper-www.conf , result: $?"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+ if [ "$GROUPER_RUN_APACHE" = "true" ] && [ ! -z "$GROUPER_APACHE_REMOTE_IP_TRUSTED_PROXY" ] && [ "$GROUPER_APACHE_REMOTE_IP_TRUSTED_PROXY" != "" ] && [ -f /etc/httpd/conf.d/grouper-www.conf ]
+ then
+ echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_remoteip) Appending RemoteIPTrustedProxy to grouper-www.conf"
+ echo >> /etc/httpd/conf.d/grouper-www.conf
+ echo "RemoteIPTrustedProxy $GROUPER_APACHE_REMOTE_IP_TRUSTED_PROXY" >> /etc/httpd/conf.d/grouper-www.conf
+ returnCode=$?
+ echo >> /etc/httpd/conf.d/grouper-www.conf
+ echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_remoteip) echo \"RemoteIPTrustedProxy $GROUPER_APACHE_REMOTE_IP_TRUSTED_PROXY\" >> /etc/httpd/conf.d/grouper-www.conf , result: $?"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+ if [ "$GROUPER_RUN_APACHE" = "true" ] && [ ! -z "$GROUPER_APACHE_REMOTE_IP_INTERNAL_PROXY" ] && [ "$GROUPER_APACHE_REMOTE_IP_INTERNAL_PROXY" != "" ] && [ -f /etc/httpd/conf.d/grouper-www.conf ]
+ then
+ echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_remoteip) Appending RemoteIPInternalProxy to grouper-www.conf"
+ echo >> /etc/httpd/conf.d/grouper-www.conf
+ echo "RemoteIPInternalProxy $GROUPER_APACHE_REMOTE_IP_INTERNAL_PROXY" >> /etc/httpd/conf.d/grouper-www.conf
+ returnCode=$?
+ echo >> /etc/httpd/conf.d/grouper-www.conf
+ echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_remoteip) echo \"RemoteIPInternalProxy $GROUPER_APACHE_REMOTE_IP_INTERNAL_PROXY\" >> /etc/httpd/conf.d/grouper-www.conf , result: $?"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+
+}
+
+setupFilesApache_status() {
+ if [ "$GROUPER_RUN_APACHE" = "true" ] && [ ! -z "$GROUPER_APACHE_STATUS_PATH" ] && [ "$GROUPER_APACHE_STATUS_PATH" != "" ] && [ "$GROUPER_APACHE_STATUS_PATH" != "none" ] && [ -f /etc/httpd/conf.d/grouper-www.conf ]
+ then
+ echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_status) Appending status to grouper-www.conf"
+ echo >> /etc/httpd/conf.d/grouper-www.conf
+ # ProxyPass /status_grouper/status ajp://localhost:8009/grouper/status timeout=2401
+ echo "ProxyPass $GROUPER_APACHE_STATUS_PATH ajp://localhost:$GROUPER_TOMCAT_AJP_PORT/$GROUPER_TOMCAT_CONTEXT/status timeout=2401" >> /etc/httpd/conf.d/grouper-www.conf
+ returnCode=$?
+ echo >> /etc/httpd/conf.d/grouper-www.conf
+ echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_status) echo \"ProxyPass $GROUPER_APACHE_STATUS_PATH ajp://localhost:$GROUPER_TOMCAT_AJP_PORT/$GROUPER_TOMCAT_CONTEXT/status timeout=2401\" >> /etc/httpd/conf.d/grouper-www.conf , result: $?"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+}
+
+setupFilesApache_supervisor() {
+ if [ "$GROUPER_RUN_APACHE" = "true" ]
+ then
+ cat /opt/tier-support/supervisord-httpd.conf >> /opt/tier-support/supervisord.conf
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_supervisor) cat /opt/tier-support/supervisord-httpd.conf >> /opt/tier-support/supervisord.conf , result: $?"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+
+}
+
+setupFilesApache_ports() {
+
+ # filter the ssl config for ssl port
+
+ if [ "$GROUPER_RUN_APACHE" = "true" ] && [ -f /etc/httpd/conf.d/ssl-enabled.conf ] && [ "$GROUPER_ORIGFILE_SSL_ENABLED_CONF" = "true" ]
+ then
+ sed -i "s|__GROUPER_APACHE_SSL_PORT__|$GROUPER_APACHE_SSL_PORT|g" /etc/httpd/conf.d/ssl-enabled.conf
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_ports) sed -i \"s|__GROUPER_APACHE_SSL_PORT__|$GROUPER_APACHE_SSL_PORT|g\" /etc/httpd/conf.d/ssl-enabled.conf , result: $?"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+
+ if [ "$GROUPER_RUN_APACHE" = "true" ] && [ "$GROUPER_APACHE_NONSSL_PORT" != "80" ]
+ then
+ sed -i "s|Listen 80|Listen $GROUPER_APACHE_NONSSL_PORT|g" /etc/httpd/conf/httpd.conf
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_ports) Replace apache non-ssl port in httpd.conf, sed -i \"s|Listen 80|Listen $GROUPER_APACHE_NONSSL_PORT|g\" /etc/httpd/conf/httpd.conf , result: $?"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+
+}
+
+
+setupFilesApache() {
+ setupFilesApache_supervisor
+ setupFilesApache_ports
+ setupFilesApache_remoteip
+ setupFilesApache_ssl
+ setupFilesApache_status
+ setupFilesApache_serverName
+ setupFilesApache_indexes
+}
+
+setupFilesApache_unsetAll() {
+ unset -f setupFilesApache
+ unset -f setupFilesApache_indexes
+ unset -f setupFilesApache_ports
+ unset -f setupFilesApache_remoteip
+ unset -f setupFilesApache_ssl
+ unset -f setupFilesApache_status
+ unset -f setupFilesApache_supervisor
+ unset -f setupFilesApache_unsetAll
+ unset -f setupFilesApache_serverName
+}
+
+setupFilesApache_exportAll() {
+ export -f setupFilesApache
+ export -f setupFilesApache_indexes
+ export -f setupFilesApache_ports
+ export -f setupFilesApache_remoteip
+ export -f setupFilesApache_ssl
+ export -f setupFilesApache_status
+ export -f setupFilesApache_supervisor
+ export -f setupFilesApache_unsetAll
+ export -f setupFilesApache_serverName
+}
+
+# export everything
+setupFilesApache_exportAll
+
+
diff --git a/container_files/usr-local-bin/librarySetupFilesForComponent.sh b/container_files/usr-local-bin/librarySetupFilesForComponent.sh
new file mode 100644
index 00000000..e41f37a0
--- /dev/null
+++ b/container_files/usr-local-bin/librarySetupFilesForComponent.sh
@@ -0,0 +1,99 @@
+#!/bin/bash
+
+setupFilesForComponent_ws() {
+
+ # copy files to their appropriate locations based on passed in flags
+ if [ "$GROUPER_WS" = "true" ]
+ then
+ cp -ra /opt/grouper/grouperWebapp/WEB-INF/libWs/* /opt/grouper/grouperWebapp/WEB-INF/lib/
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesForComponent.sh-setupFilesForComponent_ws) cp -r /opt/grouper/grouperWebapp/WEB-INF/libWs/* /opt/grouper/grouperWebapp/WEB-INF/lib/ , result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+
+}
+
+setupFilesForComponent_scim() {
+
+ if [ "$GROUPER_SCIM" = "true" ]
+ then
+ cp -ra /opt/grouper/grouperWebapp/WEB-INF/libScim/* /opt/grouper/grouperWebapp/WEB-INF/lib/
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesForComponent.sh-setupFilesForComponent_scim) cp -r /opt/grouper/grouperWebapp/WEB-INF/libScim/* /opt/grouper/grouperWebapp/WEB-INF/lib/ , result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+
+}
+
+setupFilesForComponent_ui() {
+
+ if [ "$GROUPER_UI" = "true" ] || [ "$GROUPER_DAEMON" = "true" ]
+ then
+ cp -ra /opt/grouper/grouperWebapp/WEB-INF/libUiAndDaemon/* /opt/grouper/grouperWebapp/WEB-INF/lib/
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesForComponent.sh-setupFilesForComponent_ui) cp -r /opt/grouper/grouperWebapp/WEB-INF/libUiAndDaemon/* /opt/grouper/grouperWebapp/WEB-INF/lib/ , result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+
+}
+
+setupFilesForComponent_quickstart() {
+
+ if [ ! -z "$GROUPERSYSTEM_QUICKSTART_PASS" ]
+ then
+ if [ "$GROUPER_UI_GROUPER_AUTH" = 'true' ]
+ then
+ echo '' >> /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.base.properties
+ echo 'grouperPasswordConfigOverride_UI_GrouperSystem_pass.elConfig = ${elUtils.processEnvVarOrFile('"'"'GROUPERSYSTEM_QUICKSTART_PASS'"'"')}' >> /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesForComponent.sh-setupFilesForComponent_quickstart) edit grouper.hibernate.base.properties with UI GrouperSystem password for quick start, result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+ if [ "$GROUPER_WS_GROUPER_AUTH" = 'true' ]
+ then
+ echo '' >> /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.base.properties
+ echo 'grouperPasswordConfigOverride_WS_GrouperSystem_pass.elConfig = ${elUtils.processEnvVarOrFile('"'"'GROUPERSYSTEM_QUICKSTART_PASS'"'"')}' >> /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesForComponent.sh-setupFilesForComponent_quickstart) edit grouper.hibernate.base.properties with WS GrouperSystem password for quick start, result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+ fi
+
+}
+
+setupFilesForComponent() {
+
+ setupFilesForComponent_ws
+
+ setupFilesForComponent_scim
+
+ setupFilesForComponent_ui
+
+ setupFilesForComponent_quickstart
+
+}
+
+
+setupFilesForComponent_unsetAll() {
+ unset -f setupFilesForComponent
+ unset -f setupFilesForComponent_quickstart
+ unset -f setupFilesForComponent_scim
+ unset -f setupFilesForComponent_ui
+ unset -f setupFilesForComponent_unsetAll
+ unset -f setupFilesForComponent_ws
+}
+
+setupFilesForComponent_exportAll() {
+ export -f setupFilesForComponent
+ export -f setupFilesForComponent_quickstart
+ export -f setupFilesForComponent_scim
+ export -f setupFilesForComponent_ui
+ export -f setupFilesForComponent_unsetAll
+ export -f setupFilesForComponent_ws
+
+}
+
+# export everything
+setupFilesForComponent_exportAll
+
+
diff --git a/container_files/usr-local-bin/librarySetupFilesForProcess.sh b/container_files/usr-local-bin/librarySetupFilesForProcess.sh
new file mode 100644
index 00000000..7a19cdd1
--- /dev/null
+++ b/container_files/usr-local-bin/librarySetupFilesForProcess.sh
@@ -0,0 +1,98 @@
+#!/bin/bash
+
+setupFilesForProcess_supervisor() {
+
+ if [ "$GROUPER_RUN_TOMCAT_NOT_SUPERVISOR" != "true" ]; then
+ # clear out existing supervisord config
+ cat /opt/tier-support/supervisord-base.conf > /opt/tier-support/supervisord.conf
+ echo "grouperContainer; INFO: (librarySetupFilesForProcess.sh-setupFilesForProcess_supervisor) Clear out supervisor.conf , result: $returnCode"
+ returnCode=$?
+ fi
+}
+
+setupFilesForProcess() {
+
+ setupFilesForProcess_shib
+
+}
+
+setupFilesForProcess_supervisorFinal() {
+
+ if [ "$GROUPER_RUN_TOMCAT_NOT_SUPERVISOR" != "true" ]; then
+ if [ "$GROUPER_RUN_PROCESSES_AS_USERS" = "true" ]
+ then
+ # let these lines live
+ sed -i "s|__GROUPER_RUN_PROCESSES_AS_USERS__||g" /opt/tier-support/supervisord.conf
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesForProcess.sh-setupFilesForProcess_supervisorFinal) Running processes as users in supervisord.conf, result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ else
+ # comment out these lines
+ sed -i "s|__GROUPER_RUN_PROCESSES_AS_USERS__|;|g" /opt/tier-support/supervisord.conf
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesForProcess.sh-setupFilesForProcess_supervisorFinal) Commenting out running processes as users in supervisord.conf, result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+ fi
+}
+
+setupFilesForProcess_shib() {
+
+ if [ "$GROUPER_RUN_TOMCAT_NOT_SUPERVISOR" != "true" ]; then
+ if [ -f /etc/httpd/conf.d/shib.conf ]
+ then
+ mv /etc/httpd/conf.d/shib.conf /etc/httpd/conf.d/shib.conf.dontuse
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesForProcess.sh-setupFilesForProcess_shib) mv /etc/httpd/conf.d/shib.conf /etc/httpd/conf.d/shib.conf.dontuse , result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+ fi
+
+ if [ "$GROUPER_RUN_SHIB_SP" = "true" ]
+ then
+ echo "grouperContainer; INFO: (librarySetupFilesForProcess.sh-setupFilesForProcess_shib) Appending supervisord-shibsp.conf to supervisord.conf"
+ cat /opt/tier-support/supervisord-shibsp.conf >> /opt/tier-support/supervisord.conf
+ returnCode=$?
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ if [ "$GROUPER_ORIGFILE_HTTPD_SHIB_CONF" = "true" ]; then
+ cp /opt/tier-support/httpd-shib.conf /etc/httpd/conf.d/
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesForProcess.sh-setupFilesForProcess_shib) cp /opt/tier-support/httpd-shib.conf /etc/httpd/conf.d/ , result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ else
+ echo "grouperContainer; INFO: (librarySetupFilesForProcess.sh-setupFilesForProcess_shib) /etc/httpd/conf.d/httpd-shib.conf is not the original file so will not be edited"
+ fi
+ if [ "$GROUPER_ORIGFILE_SHIB_CONF" = "true" ]; then
+ mv /etc/httpd/conf.d/shib.conf.dontuse /etc/httpd/conf.d/shib.conf
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesForProcess.sh-setupFilesForProcess_shib) mv /etc/httpd/conf.d/shib.conf.dontuse /etc/httpd/conf.d/shib.conf , result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ else
+ echo "grouperContainer; INFO: (librarySetupFilesForProcess.sh-setupFilesForProcess_shib) /etc/httpd/conf.d/shib.conf is not the original file so will not be edited"
+ fi
+ fi
+ fi
+
+}
+
+setupFilesForProcess_unsetAll() {
+
+ unset -f setupFilesForProcess
+ unset -f setupFilesForProcess_shib
+ unset -f setupFilesForProcess_supervisor
+ unset -f setupFilesForProcess_supervisorFinal
+ unset -f setupFilesForProcess_unsetAll
+
+}
+
+setupFilesForProcess_exportAll() {
+
+ export -f setupFilesForProcess
+ export -f setupFilesForProcess_shib
+ export -f setupFilesForProcess_supervisor
+ export -f setupFilesForProcess_supervisorFinal
+ export -f setupFilesForProcess_unsetAll
+}
+
+# export everything
+setupFilesForProcess_exportAll
diff --git a/container_files/usr-local-bin/librarySetupFilesTomcat.sh b/container_files/usr-local-bin/librarySetupFilesTomcat.sh
new file mode 100644
index 00000000..ad6d73a0
--- /dev/null
+++ b/container_files/usr-local-bin/librarySetupFilesTomcat.sh
@@ -0,0 +1,357 @@
+#!/bin/bash
+
+setupFilesTomcat() {
+ setupFilesTomcat_turnOnAjp
+ setupFilesTomcat_supervisor
+ setupFilesTomcat_authn
+ setupFilesTomcat_context
+ setupFilesTomcat_ports
+ setupFilesTomcat_accessLogs
+ setupFilesTomcat_sessionTimeout
+ setupFilesTomcat_ssl
+ setupFilesTomcat_sslCertsAnchors
+ setupFilesTomcat_sslCertsClient
+}
+
+
+setupFilesTomcat_turnOnAjp() {
+
+ if [ "$GROUPER_ORIGFILE_SERVER_XML" = "true" ]; then
+ cp /opt/tomee/conf/server.xml /opt/tomee/conf/server.xml.currentOriginalInContainer
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_turnOnAjp) cp /opt/tomee/conf/server.xml /opt/tomee/conf/server.xml.currentOriginalInContainer , result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+ patch /opt/tomee/conf/server.xml /opt/tomee/conf/server.xml.turnOnAjp.patch
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_turnOnAjp) Patch server.xml to turn on ajp: patch /opt/tomee/conf/server.xml /opt/tomee/conf/server.xml.turnOnAjp.patch, result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ else
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_turnOnAjp) /opt/tomee/conf/server.xml is not the original file so will not be edited"
+ fi
+
+}
+
+setupFilesTomcat_accessLogs() {
+
+ if [ "$GROUPER_ORIGFILE_SERVER_XML" = "true" ]; then
+ if [ "$GROUPER_TOMCAT_LOG_ACCESS" = "true" ]; then
+
+ # this patch happens after the last patch
+ patch /opt/tomee/conf/server.xml /opt/tomee/conf/server.xml.loggingpipe.patch
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_accessLogs) Patch server.xml to log access: patch /opt/tomee/conf/server.xml /opt/tomee/conf/server.xml.loggingpipe.patch , result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+ else
+
+ patch /opt/tomee/conf/server.xml /opt/tomee/conf/server.xml.nologging.patch
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_accessLogs) Patch server.xml to not log access: patch /opt/tomee/conf/server.xml /opt/tomee/conf/server.xml.nologging.patch , result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+ fi
+ else
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_accessLogs) /opt/tomee/conf/server.xml is not the original file so will not be edited"
+ fi
+
+}
+
+setupFilesTomcat_ports() {
+
+ if [ "$GROUPER_TOMCAT_HTTP_PORT" != "8080" ]; then
+ sed -i "s|8080|$GROUPER_TOMCAT_HTTP_PORT|g" /opt/tomee/conf/server.xml
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_ports) update server.xml to change http port: sed -i \"s|8080|$GROUPER_TOMCAT_HTTP_PORT|g\" /opt/tomee/conf/server.xml, result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+
+ if [ "$GROUPER_TOMCAT_AJP_PORT" != "8009" ]; then
+ sed -i "s|8009|$GROUPER_TOMCAT_AJP_PORT|g" /opt/tomee/conf/server.xml
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_ports) update server.xml to change ajp port: sed -i \"s|8009|$GROUPER_TOMCAT_AJP_PORT|g\" /opt/tomee/conf/server.xml, result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+
+ if [ "$GROUPER_TOMCAT_MAX_HEADER_COUNT" != "-1" ]; then
+ # add in maxHeaderCount since new chrome sends too many headers
+ sed -i "s|port=\"$GROUPER_TOMCAT_AJP_PORT\"|port=\"$GROUPER_TOMCAT_AJP_PORT\" maxHeaderCount=\"$GROUPER_TOMCAT_MAX_HEADER_COUNT\" |g" /opt/tomee/conf/server.xml
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_ports) update server.xml add maxHeaderCount: sed -i \"s|port=\"$GROUPER_TOMCAT_AJP_PORT\"|port=\"$GROUPER_TOMCAT_AJP_PORT\" maxHeaderCount=\"$GROUPER_TOMCAT_MAX_HEADER_COUNT\" |g\" /opt/tomee/conf/server.xml, result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+
+ if [ "$GROUPER_TOMCAT_SHUTDOWN_PORT" != "8005" ]; then
+ sed -i "s|8005|$GROUPER_TOMCAT_SHUTDOWN_PORT|g" /opt/tomee/conf/server.xml
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_ports) update server.xml to change shutdown port: sed -i \"s|8005|$GROUPER_TOMCAT_SHUTDOWN_PORT|g\" /opt/tomee/conf/server.xml , result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+}
+
+setupFilesTomcat_context() {
+
+ if [ -f /opt/tomee/conf/Catalina/localhost/grouper.xml ]
+ then
+ if [ "$GROUPER_ORIGFILE_GROUPER_XML" = "true" ]; then
+ # ws only and scim only dont have cookies
+ sed -i "s|__GROUPER_CONTEXT_COOKIES__|$GROUPER_CONTEXT_COOKIES|g" /opt/tomee/conf/Catalina/localhost/grouper.xml
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_context) Replace context cookies in grouper.xml: sed -i \"s|__GROUPER_CONTEXT_COOKIES__|$GROUPER_CONTEXT_COOKIES|g\" /opt/tomee/conf/Catalina/localhost/grouper.xml , result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+ # setup context
+ sed -i "s|__GROUPER_TOMCAT_CONTEXT__|$GROUPER_TOMCAT_CONTEXT|g" /opt/tomee/conf/Catalina/localhost/grouper.xml
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_context) Replace tomcat context in grouper.xml: sed -i \"s|__GROUPER_TOMCAT_CONTEXT__|$GROUPER_TOMCAT_CONTEXT|g\" /opt/tomee/conf/Catalina/localhost/grouper.xml, result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+ # rename file if needed since that can matter with tomcat
+ if [ "$GROUPER_TOMCAT_CONTEXT" != "grouper" ]
+ then
+ mv -v /opt/tomee/conf/Catalina/localhost/grouper.xml "/opt/tomee/conf/Catalina/localhost/$GROUPER_TOMCAT_CONTEXT.xml"
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_context) mv -v /opt/tomee/conf/Catalina/localhost/grouper.xml \"/opt/tomee/conf/Catalina/localhost/$GROUPER_TOMCAT_CONTEXT.xml\" , result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+ else
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_context) /opt/tomee/conf/Catalina/localhost/grouper.xml is not the original file so will not be edited"
+ fi
+ fi
+
+ # setup the apache linkage to tomcat
+ if [ -f /etc/httpd/conf.d/grouper-www.conf ] && [ "$GROUPER_RUN_TOMCAT_NOT_SUPERVISOR" != "true" ]
+ then
+ sed -i "s|__GROUPER_APACHE_AJP_TIMEOUT_SECONDS__|$GROUPER_APACHE_AJP_TIMEOUT_SECONDS|g" /etc/httpd/conf.d/grouper-www.conf
+ results="$?"
+ sed -i "s|__GROUPER_TOMCAT_CONTEXT__|$GROUPER_TOMCAT_CONTEXT|g" /etc/httpd/conf.d/grouper-www.conf
+ results="$results $?"
+ sed -i "s|__GROUPER_URL_CONTEXT__|$GROUPER_URL_CONTEXT|g" /etc/httpd/conf.d/grouper-www.conf
+ results="$results $?"
+ sed -i "s|__GROUPERWS_URL_CONTEXT__|$GROUPERWS_URL_CONTEXT|g" /etc/httpd/conf.d/grouper-www.conf
+ results="$results $?"
+ sed -i "s|__GROUPERSCIM_URL_CONTEXT__|$GROUPERSCIM_URL_CONTEXT|g" /etc/httpd/conf.d/grouper-www.conf
+ results="$results $?"
+ sed -i "s|__GROUPER_PROXY_PASS__|$GROUPER_PROXY_PASS|g" /etc/httpd/conf.d/grouper-www.conf
+ results="$results $?"
+
+ if [ "$GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER" = "true" ]; then
+ sed -i "s|__GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER__||g" /etc/httpd/conf.d/grouper-www.conf
+ results="$results $?"
+ else
+ sed -i "s|__GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER__|#|g" /etc/httpd/conf.d/grouper-www.conf
+ results="$results $?"
+ fi
+
+ if [ -f /etc/httpd/conf.d/ssl-enabled.conf ]; then
+ sed -i "s|__GROUPER_PROXY_PASS__|$GROUPER_PROXY_PASS|g" /etc/httpd/conf.d/ssl-enabled.conf
+ results="$results $?"
+
+ if [ "$GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER" = "true" ]; then
+ sed -i "s|__GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER__||g" /etc/httpd/conf.d/ssl-enabled.conf
+ results="$results $?"
+ else
+ sed -i "s|__GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER__|#|g" /etc/httpd/conf.d/ssl-enabled.conf
+ results="$results $?"
+ fi
+ fi
+ sed -i "s|__GROUPERSCIM_PROXY_PASS__|$GROUPERSCIM_PROXY_PASS|g" /etc/httpd/conf.d/grouper-www.conf
+ results="$results $?"
+ sed -i "s|__GROUPERWS_PROXY_PASS__|$GROUPERWS_PROXY_PASS|g" /etc/httpd/conf.d/grouper-www.conf
+ returnCode=$?
+ results="$results $returnCode"
+ if [ "$GROUPER_TOMCAT_AJP_PORT" != "8009" ]; then
+ sed -i "s|:8009/|:$GROUPER_TOMCAT_AJP_PORT/|g" /etc/httpd/conf.d/grouper-www.conf
+ results="$results $?"
+ fi
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_context) Set contexts in grouper-www.conf and other files, results: $results"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+
+}
+
+setupFilesTomcat_authn() {
+
+ if [ "$GROUPER_WS_TOMCAT_AUTHN" = "true" ]
+ then
+
+ if [ "$GROUPER_ORIGFILE_WEBAPP_WEB_XML" = "true" ]; then
+ cp /opt/tier-support/web.wsTomcatAuthn.xml /opt/grouper/grouperWebapp/WEB-INF/web.xml
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_authn) cp /opt/tier-support/web.wsTomcatAuthn.xml /opt/grouper/grouperWebapp/WEB-INF/web.xml , result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ else
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_authn) /opt/grouper/grouperWebapp/WEB-INF/web.xml is not the original file so will not be edited"
+ fi
+
+ sed -i 's|tomcatAuthentication="false"|tomcatAuthentication="true"|g' /opt/tomee/conf/server.xml
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_authn) sed -i 's|tomcatAuthentication=\"false\"|tomcatAuthentication=\"true\"|g' /opt/tomee/conf/server.xml, result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+ fi
+
+}
+
+setupFilesTomcat_supervisor() {
+
+ if [ "$GROUPER_RUN_TOMEE" = "true" ] && [ "$GROUPER_RUN_TOMCAT_NOT_SUPERVISOR" != "true" ]
+ then
+ cat /opt/tier-support/supervisord-tomee.conf >> /opt/tier-support/supervisord.conf
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_supervisor) Append supervisord-tomee.conf to supervisord.conf: cat /opt/tier-support/supervisord-tomee.conf >> /opt/tier-support/supervisord.conf , result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+
+}
+
+setupFilesTomcat_sessionTimeout() {
+
+ if [ "$GROUPER_RUN_TOMEE" = "true" ] && [ "$GROUPER_TOMCAT_SESSION_TIMEOUT_MINUTES" != "-2" ]
+ then
+ sed -i "s|<session-timeout>30</session-timeout>|<session-timeout>$GROUPER_TOMCAT_SESSION_TIMEOUT_MINUTES</session-timeout>|g" /opt/tomee/conf/web.xml
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_sessionTimeout) based on GROUPER_TOMCAT_SESSION_TIMEOUT_MINUTES, sed -i \"s|<session-timeout>30</session-timeout>|<session-timeout>$GROUPER_TOMCAT_SESSION_TIMEOUT_MINUTES</session-timeout>|g\" /opt/tomee/conf/web.xml , result=$returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+}
+
+setupFilesTomcat_ssl() {
+
+ if [ "$GROUPER_WEBCLIENT_IS_SSL" = "false" ]
+ then
+ sed -i 's|secure="true"||g' /opt/tomee/conf/server.xml
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_ssl) based on GROUPER_WEBCLIENT_IS_SSL, sed -i 's|secure=\"true\"||g' /opt/tomee/conf/server.xml , result=$returnCode"
+ if [ $returnCode != 0 ] && [ "$GROUPER_ORIGFILE_SERVER_XML" = "true" ]
+ then
+ exit $returnCode
+ fi
+ sed -i 's|scheme="https"|scheme="http"|g' /opt/tomee/conf/server.xml
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_ssl) based on GROUPER_WEBCLIENT_IS_SSL, sed -i 's|scheme=\"https\"|scheme=\"http\"|g' /opt/tomee/conf/server.xml , result=$returnCode"
+ if [ $returnCode != 0 ] && [ "$GROUPER_ORIGFILE_SERVER_XML" = "true" ]
+ then
+ exit $returnCode
+ fi
+ fi
+}
+
+setupFilesTomcat_sslCertsAnchors() {
+
+ # the container user (we arent sure who this is) should be able to update root certs
+ # echo 'ALL ALL=NOPASSWD: /bin/update-ca-trust' | sudo EDITOR='tee -n' visudo
+
+
+ if [ -n "$(ls -A /opt/grouper/certs/anchors/ 2>/dev/null)" ]; then
+
+ amiroot=`whoami`
+ if [ "$amiroot" = "root" ]; then
+
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_sslCertsAnchors) There are anchor certs in /opt/grouper/certs/anchors/ to process"
+
+ /usr/bin/cp -v /opt/grouper/certs/anchors/* /etc/pki/ca-trust/source/anchors
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_sslCertsAnchors) /usr/bin/cp -v /opt/grouper/certs/anchors/* /etc/pki/ca-trust/source/anchors , result=$returnCode"
+ if [ $returnCode != 0 ]
+ then
+ exit $returnCode
+ fi
+
+ /bin/update-ca-trust
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_sslCertsAnchors) /bin/update-ca-trust , result=$returnCode"
+ if [ $returnCode != 0 ]
+ then
+ exit $returnCode
+ fi
+
+ else
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_sslCertsAnchors) There are anchor certs in /opt/grouper/certs/anchors/ to process but not running as root so run this in subimage: /bin/update-ca-trust"
+ fi
+
+ else
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_sslCertsAnchors) There are no anchor certs in /opt/grouper/certs/anchors/ to process"
+ fi
+
+}
+
+setupFilesTomcat_sslCertsClient() {
+
+ if [ -n "$(ls -A /opt/grouper/certs/client/*.pem 2>/dev/null)" ]; then
+
+ chmod u+w /usr/lib/jvm/java/jre/lib/security/cacerts
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_sslCertsAnchors) chmod u+w /usr/lib/jvm/java/jre/lib/security/cacerts , result=$returnCode"
+ if [ $returnCode != 0 ]
+ then
+ exit $returnCode
+ fi
+
+ for fileName in /opt/grouper/certs/client/*.pem; do
+ [ -f "$fileName" ] || break
+
+ fileNameNoExtension=$(basename -- "$fileName")
+ fileNameNoExtension="${fileNameNoExtension%.*}"
+ /usr/lib/jvm/java/bin/keytool -import -noprompt -keystore /usr/lib/jvm/java/jre/lib/security/cacerts -storepass changeit -alias "$fileNameNoExtension" -file "$fileName"
+
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_sslCertsAnchors) /usr/lib/jvm/java/bin/keytool -import -noprompt -keystore /usr/lib/jvm/java/jre/lib/security/cacerts -storepass changeit -alias \"$fileNameNoExtension\" -file \"$fileName\" , result=$returnCode"
+ if [ $returnCode != 0 ]
+ then
+ exit $returnCode
+ fi
+
+ done
+
+ chmod u-w /usr/lib/jvm/java/jre/lib/security/cacerts
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_sslCertsAnchors) chmod u-w /usr/lib/jvm/java/jre/lib/security/cacerts , result=$returnCode"
+ if [ $returnCode != 0 ]
+ then
+ exit $returnCode
+ fi
+
+ else
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_sslCertsClient) There are no client certs in /opt/grouper/certs/client/*.pem to process"
+ fi
+
+}
+
+
+setupFilesTomcat_unsetAll() {
+
+ unset -f setupFilesTomcat
+ unset -f setupFilesTomcat_authn
+ unset -f setupFilesTomcat_context
+ unset -f setupFilesTomcat_ports
+ unset -f setupFilesTomcat_ssl
+ unset -f setupFilesTomcat_sslCertsAnchors
+ unset -f setupFilesTomcat_sslCertsClient
+ unset -f setupFilesTomcat_supervisor
+ unset -f setupFilesTomcat_unsetAll
+ unset -f setupFilesTomcat_accessLogs
+ unset -f setupFilesTomcat_sessionTimeout
+ unset -f setupFilesTomcat_turnOnAjp
+
+}
+
+setupFilesTomcat_exportAll() {
+
+ export -f setupFilesTomcat
+ export -f setupFilesTomcat_authn
+ export -f setupFilesTomcat_context
+ export -f setupFilesTomcat_ports
+ export -f setupFilesTomcat_ssl
+ export -f setupFilesTomcat_sslCertsAnchors
+ export -f setupFilesTomcat_sslCertsClient
+ export -f setupFilesTomcat_supervisor
+ export -f setupFilesTomcat_unsetAll
+ export -f setupFilesTomcat_accessLogs
+ export -f setupFilesTomcat_sessionTimeout
+ export -f setupFilesTomcat_turnOnAjp
+}
+
+# export everything
+setupFilesTomcat_exportAll
+
diff --git a/container_files/usr-local-bin/librarySetupPipe.sh b/container_files/usr-local-bin/librarySetupPipe.sh
new file mode 100644
index 00000000..4d8589cc
--- /dev/null
+++ b/container_files/usr-local-bin/librarySetupPipe.sh
@@ -0,0 +1,110 @@
+#!/bin/bash
+
+setupPipe() {
+ echo "grouperContainer; INFO: (librarySetupPipe.sh-setupPipe) Setup pipe: $1"
+ if [ -e $1 ]; then
+ rm -f $1
+ returnCode=$?
+ fi
+ mkfifo -m 666 $1
+ returnCode=$?
+}
+
+setupPipe_logging() {
+
+ if [ "$GROUPER_USE_PIPES" == "true" ]; then
+ # Make a "console" logging pipe that anyone can write too regardless of who owns the process.
+ setupPipe /tmp/logpipe
+ cat <> /tmp/logpipe &
+ fi
+}
+
+# Make loggers pipes for the supervisord connected apps' console, so that we can prepend the streams.
+setupPipe_grouperLog() {
+ if [ "$GROUPER_USE_PIPES" == "true" ]; then
+ setupPipe /tmp/loggrouper
+ (cat <> /tmp/loggrouper | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "grouper;console;%s;%s;%s\n", ENV, UT, $0; fflush()}' &>/tmp/logpipe) &
+ fi
+}
+
+setupPipe_httpdLog() {
+ if [ "$GROUPER_USE_PIPES" == "true" ]; then
+ if [ "$GROUPER_RUN_APACHE" = "true" ]
+ then
+ setupPipe /tmp/loghttpd
+ (cat <> /tmp/loghttpd | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "httpd;console;%s;%s;%s\n", ENV, UT, $0; fflush()}' &>/tmp/logpipe) &
+ fi
+ fi
+}
+
+setupPipe_shibdLog() {
+ if [ "$GROUPER_USE_PIPES" == "true" ]; then
+ if [ "$GROUPER_RUN_SHIB_SP" = "true" ]
+ then
+ if [ "$GROUPER_SHIB_LOG_USE_PIPE" = "true" ]
+ then
+ setupPipe /tmp/logshibd
+ (cat <> /tmp/logshibd | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "shibd;console;%s;%s;%s", ENV, UT, $0; fflush()}' &>/tmp/logpipe) &
+ fi
+ fi
+ fi
+}
+
+setupPipe_tomcatLog() {
+ if [ "$GROUPER_USE_PIPES" == "true" ]; then
+ if [ "$GROUPER_RUN_TOMEE" = "true" ] && [ "$GROUPER_LOG_TO_HOST" != "true" ]
+ then
+ setupPipe /tmp/logtomcat
+ (cat <> /tmp/logtomcat | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "tomee;console;%s;%s;%s\n", ENV, UT, $0; fflush()}' &>/tmp/logpipe) &
+ fi
+ fi
+}
+
+setupPipe_tomcatAccessLog() {
+ if [ "$GROUPER_USE_PIPES" == "true" ]; then
+ if [ "$GROUPER_TOMCAT_LOG_ACCESS" = "true" ]; then
+
+ setupPipe /tmp/tomcat_access_log
+ (cat <> /tmp/tomcat_access_log | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "tomcat-access;console;%s;%s;%s\n", ENV, UT, $0; fflush()}' 1>/tmp/logpipe) &
+ fi
+ fi
+}
+
+setupPipe_supervisordLog() {
+ if [ "$GROUPER_USE_PIPES" == "true" ]; then
+ setupPipe /tmp/logsuperd
+ (cat <> /tmp/logsuperd | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "supervisord;console;%s;%s;%s\n", ENV, UT, $0; fflush()}' &>/tmp/logpipe) &
+ fi
+}
+
+setupPipe_unsetAll() {
+
+ unset -f setupPipe
+ unset -f setupPipe_grouperLog
+ unset -f setupPipe_httpdLog
+ unset -f setupPipe_logging
+ unset -f setupPipe_shibdLog
+ unset -f setupPipe_supervisordLog
+ unset -f setupPipe_tomcatLog
+ unset -f setupPipe_tomcatAccessLog
+ unset -f setupPipe_unsetAll
+
+}
+
+setupPipe_exportAll() {
+
+ export -f setupPipe
+ export -f setupPipe_grouperLog
+ export -f setupPipe_httpdLog
+ export -f setupPipe_logging
+ export -f setupPipe_shibdLog
+ export -f setupPipe_supervisordLog
+ export -f setupPipe_tomcatLog
+ export -f setupPipe_tomcatAccessLog
+ export -f setupPipe_unsetAll
+
+}
+
+# export everything
+setupPipe_exportAll
+
diff --git a/container_files/usr-local-bin/quickstart b/container_files/usr-local-bin/quickstart
new file mode 100755
index 00000000..0fb7d383
--- /dev/null
+++ b/container_files/usr-local-bin/quickstart
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+prep_quickstart
+prep_ui
+prep_ws
+prep_scim
+prep_daemon
+prep_finish
+setupFiles
+
+runCommand
\ No newline at end of file
diff --git a/container_files/usr-local-bin/scim b/container_files/usr-local-bin/scim
index ffe12b37..f50697ac 100755
--- a/container_files/usr-local-bin/scim
+++ b/container_files/usr-local-bin/scim
@@ -1,7 +1,7 @@
#!/bin/bash
-. /usr/local/bin/library.sh
+prep_scim
+prep_finish
+setupFiles
-prepSCIM
-
-exec /usr/bin/supervisord -c /opt/tier-support/supervisord-tomee.conf
+runCommand
\ No newline at end of file
diff --git a/container_files/usr-local-bin/ui b/container_files/usr-local-bin/ui
index a03ed585..ef417f8b 100755
--- a/container_files/usr-local-bin/ui
+++ b/container_files/usr-local-bin/ui
@@ -1,9 +1,7 @@
#!/bin/bash
-. /usr/local/bin/library.sh
+prep_ui
+prep_finish
+setupFiles
-prepUI
-
-export LD_LIBRARY_PATH=/opt/shibboleth/lib64:$LD_LIBRARY_PATH
-
-exec /usr/bin/supervisord -c /opt/tier-support/supervisord-tomcat.conf
+runCommand
\ No newline at end of file
diff --git a/container_files/usr-local-bin/ui-ws b/container_files/usr-local-bin/ui-ws
index de1384c4..4e5dd61e 100755
--- a/container_files/usr-local-bin/ui-ws
+++ b/container_files/usr-local-bin/ui-ws
@@ -1,10 +1,8 @@
#!/bin/bash
-. /usr/local/bin/library.sh
+prep_ui
+prep_ws
+prep_finish
+setupFiles
-prepUI
-prepWS
-
-export LD_LIBRARY_PATH=/opt/shibboleth/lib64:$LD_LIBRARY_PATH
-
-/usr/bin/supervisord -c /opt/tier-support/supervisord-tomcat.conf
+runCommand
\ No newline at end of file
diff --git a/container_files/usr-local-bin/ws b/container_files/usr-local-bin/ws
index 0e10b688..6fafe7f0 100755
--- a/container_files/usr-local-bin/ws
+++ b/container_files/usr-local-bin/ws
@@ -1,7 +1,7 @@
#!/bin/bash
-. /usr/local/bin/library.sh
+prep_ws
+prep_finish
+setupFiles
-prepWS
-
-exec /usr/bin/supervisord -c /opt/tier-support/supervisord-tomcat.conf
+runCommand
\ No newline at end of file
diff --git a/container_files/ws/classes/log4j.properties b/container_files/ws/classes/log4j.properties
deleted file mode 100644
index c104dc10..00000000
--- a/container_files/ws/classes/log4j.properties
+++ /dev/null
@@ -1,144 +0,0 @@
-
-#
-# Copyright 2014 Internet2
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-#${grouper.home} will be substituted with the System property "grouper.home", which must have a trailing \ or /
-# depending on your OS. Of course you can use absolute paths if you prefer
-
-
-#
-# log4j Configuration
-# $Id: log4j.example.properties,v 1.13 2009-12-18 13:56:51 tzeller Exp $
-#
-
-# Appenders
-
-## Grouper API event logging
-log4j.appender.grouper_event = org.apache.log4j.FileAppender
-log4j.appender.grouper_event.file = /tmp/logpipe
-log4j.appender.grouper_event.append = true
-log4j.appender.grouper_event.layout = org.apache.log4j.PatternLayout
-log4j.appender.grouper_event.layout.ConversionPattern = grouper-ws;grouper_event.log;${ENV};${USERTOKEN};%d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
-
-## Grouper API error logging
-log4j.appender.grouper_error = org.apache.log4j.FileAppender
-log4j.appender.grouper_error.file = /tmp/logpipe
-log4j.appender.grouper_errot.append = true
-log4j.appender.grouper_error.layout = org.apache.log4j.PatternLayout
-log4j.appender.grouper_error.layout.ConversionPattern = grouper-ws;grouper_error.log;${ENV};${USERTOKEN};%d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
-#log4j.appender.grouper_error.layout.ConversionPattern = %d{ISO8601}: %m%n
-
-# Debug logging (Or: logging that I haven't cleaned up yet to send elsewhere)
-log4j.appender.grouper_debug = org.apache.log4j.FileAppender
-log4j.appender.grouper_debug.file = /tmp/logpipe
-log4j.appender.grouper_debug.append = true
-log4j.appender.grouper_debug.layout = org.apache.log4j.PatternLayout
-#log4j.appender.grouper_debug.layout.ConversionPattern = %d{ISO8601} %5p %c{2}: %m%n
-log4j.appender.grouper_debug.layout.ConversionPattern = grouper-ws;grouper_debug.log;${ENV};${USERTOKEN};%d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
-
-## Benchmark logging
-log4j.appender.grouper_gb = org.apache.log4j.FileAppender
-log4j.appender.grouper_gb.file = /tmp/logpipe
-log4j.appender.grouper_gb.append = true
-log4j.appender.grouper_gb.layout = org.apache.log4j.PatternLayout
-#log4j.appender.grouper_gb.layout.ConversionPattern = %d{ISO8601} %5p %c{2}: %m%n
-log4j.appender.grouper_gb.layout.ConversionPattern = grouper-ws;grouper_bench.log;${ENV};${USERTOKEN};%d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
-
-# Loggers
-
-## Default logger; will log *everything*
-log4j.rootLogger = ERROR, grouper_error
-
-## All Internet2 (warn to grouper_error per default logger)
-log4j.logger.edu.internet2.middleware = WARN
-
-
-# Provisioning : PSP (version 2.1+)
-log4j.logger.edu.internet2.middleware.psp = INFO
-
-# Provisioning : vt-ldap
-# log4j.logger.edu.vt.middleware.ldap = INFO
-
-# Provisioning : Grouper plugin to Shibboleth attribute resolver
-# log4j.logger.edu.internet2.middleware.grouper.shibboleth = INFO
-
-
-# For more precise (or verbose) logging, enable one or more of the
-# following logging directives. To remove duplicate entries, just change the
-# level, and not where to send the logs
-# http://robertmarkbramprogrammer.blogspot.com/2007/06/log4j-duplicate-lines-in-output.html
-
-## Grouper Event Logging
-## * Logs at _info_ only
-log4j.logger.edu.internet2.middleware.grouper.log.EventLog = INFO, grouper_event
-log4j.logger.edu.internet2.middleware.grouper.RegistryInstall = INFO, grouper_event
-
-## Grouper Error Logging
-## * Logs at _warn_, _fatal_ and _error_ only (by default this is WARN due to internet2 below)
-#log4j.logger.edu.internet2.middleware.grouper = WARN, grouper_error
-
-## Grouper Debug Logging
-## * NOTE: There is currently VERY LITTLE (useful) information sent to this.
-## * Logs at _info_ only currently
-#log4j.logger.edu.internet2.middleware.grouper = INFO, grouper_debug
-
-## Grouper XML Export + Import Logging
-## TODO Integrate with normal logging
-log4j.logger.edu.internet2.middleware.grouper.xml.XmlExporter = INFO, grouper_event
-log4j.logger.edu.internet2.middleware.grouper.xml.XmlImporter = INFO, grouper_event
-
-## Grouper Benchmark Logging
-log4j.logger.edu.internet2.middleware.grouper.bench = INFO, grouper_gb
-
-## Grouper script to add missing group sets
-log4j.logger.edu.internet2.middleware.grouper.misc.AddMissingGroupSets = INFO, grouper_event
-
-## Grouper Sync Point in Time Tables
-log4j.logger.edu.internet2.middleware.grouper.misc.SyncPITTables = INFO, grouper_event
-
-## Grouper Sync Stem Set Table
-log4j.logger.edu.internet2.middleware.grouper.misc.SyncStemSets = INFO, grouper_event
-
-## Grouper Migrate Legacy Attributes
-log4j.logger.edu.internet2.middleware.grouper.misc.MigrateLegacyAttributes = INFO, grouper_event
-
-### Subject API
-#log4j.logger.edu.internet2.middleware.subject = ERROR, grouper_error
-#log4j.logger.edu.internet2.middleware.subject.provider = ERROR, grouper_error
-### Hibernate
-#log4j.logger.org.hibernate = ERROR, grouper_error
-### ehcache
-#log4j.logger.net.sf.ehcache = ERROR, grouper_error
-### Spring
-#log4j.logger.org.springframework = ERROR, grouper_error
-
-## Grouper Stress Testing
-log4j.logger.edu.internet2.middleware.grouper.stress = INFO, grouper_debug
-
-
-#######################################################
-##Optional settings for debug logs
-#######################################################
-
-## Hooks debug info
-#log4j.logger.edu.internet2.middleware.grouper.hooks.examples.GroupTypeTupleIncludeExcludeHook = DEBUG
-#log4j.logger.edu.internet2.middleware.grouper.Group = DEBUG
-
-#log4j.logger.edu.internet2.middleware.grouper.hooks.examples.GroupTypeSecurityHook = DEBUG
-
-
-# added by grouper-installer
-log4j.logger.org.apache.tools.ant = WARN
diff --git a/manualBuild.sh b/manualBuild.sh
index 67b7d8a8..16fcc3f4 100755
--- a/manualBuild.sh
+++ b/manualBuild.sh
@@ -1,4 +1,4 @@
-docker build --pull --tag=tier/grouper:latest . \
+docker build --pull --tag=itap/grouper:latest . \
if [[ "$OSTYPE" == "darwin"* ]]; then
say build complete
diff --git a/test-compose/configs-and-secrets/grouper/grouper.hibernate.properties b/test-compose/configs-and-secrets/grouper/grouper.hibernate.properties
index 96abb4cd..1bcf6449 100644
--- a/test-compose/configs-and-secrets/grouper/grouper.hibernate.properties
+++ b/test-compose/configs-and-secrets/grouper/grouper.hibernate.properties
@@ -16,8 +16,6 @@
# e.g. mysql: jdbc:mysql://localhost:3306/grouper
# e.g. p6spy (log sql): [use the URL that your DB requires]
# e.g. oracle: jdbc:oracle:thin:@server.school.edu:1521:sid
-# e.g. hsqldb (a): jdbc:hsqldb:dist/run/grouper;create=true
-# e.g. hsqldb (b): jdbc:hsqldb:hsql://localhost:9001/grouper
# e.g. postgres: jdbc:postgresql://localhost:5432/database
# e.g. mssql: jdbc:sqlserver://localhost:3280;databaseName=grouper
hibernate.connection.url = jdbc:mysql://data:3306/grouper?CharSet=utf8&useUnicode=true&characterEncoding=utf8
diff --git a/test-compose/configs-and-secrets/grouper/morphString.properties b/test-compose/configs-and-secrets/grouper/morphString.properties
new file mode 100644
index 00000000..52479216
--- /dev/null
+++ b/test-compose/configs-and-secrets/grouper/morphString.properties
@@ -0,0 +1 @@
+encrypt.key=fh43IRJ4Nf5
diff --git a/test-compose/daemon/Dockerfile b/test-compose/daemon/Dockerfile
index f6203505..92b58121 100644
--- a/test-compose/daemon/Dockerfile
+++ b/test-compose/daemon/Dockerfile
@@ -1,4 +1,4 @@
-FROM tier/grouper:latest
+FROM i2incommon/grouper:latest
LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>"
diff --git a/test-compose/data/Dockerfile b/test-compose/data/Dockerfile
index e4ffb7f8..bf1e104a 100644
--- a/test-compose/data/Dockerfile
+++ b/test-compose/data/Dockerfile
@@ -1,9 +1,9 @@
-FROM tier/grouper:latest
+FROM i2incommon/grouper:latest
LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>"
COPY container_files/seed-data/ /seed-data/
-COPY container_files/conf/ /opt/grouper/grouper.apiBinary/conf/
+COPY container_files/conf/ /opt/grouper/grouperWebapp/WEB-INF/classes/
RUN yum install -y epel-release \
&& yum update -y \
@@ -44,8 +44,8 @@ RUN (/usr/sbin/ns-slapd -D /etc/dirsrv/slapd-dir &) \
&& while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \
(mysqld_safe & ) \
&& while ! curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to start; sleep 1; done; \
- bin/gsh -registry -check -runscript -noprompt \
- && bin/gsh /seed-data/bootstrap.gsh
+ /opt/grouper/grouperWebapp/WEB-INF/bin/gsh.sh -registry -check -runscript -noprompt \
+ && /opt/grouper/grouperWebapp/WEB-INF/bin/gsh.sh /seed-data/bootstrap.gsh
EXPOSE 389 3306
diff --git a/test-compose/data/container_files/conf/grouper.client.properties b/test-compose/data/container_files/conf/grouper.client.properties
new file mode 100644
index 00000000..dcc50ae7
--- /dev/null
+++ b/test-compose/data/container_files/conf/grouper.client.properties
@@ -0,0 +1,112 @@
+#
+# Copyright 2014 Internet2
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+#
+# Grouper client configuration
+# $Id: grouper.client.example.properties,v 1.24 2009-12-30 04:23:02 mchyzer Exp $
+#
+
+# The grouper client uses Grouper Configuration Overlays (documented on wiki)
+# By default the configuration is read from grouper.client.base.properties
+# (which should not be edited), and the grouper.client.properties overlays
+# the base settings. See the grouper.client.base.properties for the possible
+# settings that can be applied to the grouper.client.properties
+
+########################################
+## LDAP connection settings
+########################################
+
+# url of directory, including the base DN (distinguished name)
+# e.g. ldap://server.school.edu/dc=school,dc=edu
+# e.g. ldaps://server.school.edu/dc=school,dc=edu
+grouperClient.ldap.url =
+
+# kerberos principal used to connect to ldap
+grouperClient.ldap.login =
+
+# password for shared secret authentication to ldap
+# or you can put a filename with an encrypted password
+grouperClient.ldap.password =
+
+########################################
+## Web service Connection settings
+########################################
+
+# url of web service, should include everything up to the first resource to access
+# e.g. http://groups.school.edu:8090/grouper-ws/servicesRest
+# e.g. https://groups.school.edu/grouper-ws/servicesRest
+grouperClient.webService.url = https://ws/grouper-ws/servicesRest
+
+# kerberos principal used to connect to web service
+grouperClient.webService.login = banderson
+
+# password for shared secret authentication to web service
+# or you can put a filename with an encrypted password
+grouperClient.webService.password.elConfig = ${java.lang.System.getenv().get('GROUPER_CLIENT_WEBSERVICE_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(java.lang.System.getenv().get('GROUPER_CLIENT_WEBSERVICE_PASSWORD_FILE'), "utf-8") : java.lang.System.getenv().get('GROUPER_CLIENT_WEBSERVICE_PASSWORD') }
+
+
+################################
+## Grouper Messaging System
+################################
+
+# name of messaging system which is the default
+grouper.messaging.default.name.of.messaging.system = rabbitmq
+
+# name of a messaging system. note, "grouperBuiltinMessaging" can be arbitrary
+# grouper.messaging.system.grouperBuiltinMessaging.name = grouperBuiltinMessaging
+
+# class that implements edu.internet2.middleware.grouperClient.messaging.GrouperMessagingSystem
+# grouper.messaging.system.grouperBuiltinMessaging.class = edu.internet2.middleware.grouper.messaging.GrouperBuiltinMessagingSystem
+
+# name of a messaging system. note, "grouperBuiltinMessaging" can be arbitrary
+grouper.messaging.system.rabbitmqSystem.name = rabbitmqSystem
+
+# class that implements edu.internet2.middleware.grouperClient.messaging.GrouperMessagingSystem
+grouper.messaging.system.rabbitmqSystem.class = edu.internet2.middleware.grouperMessagingRabbitmq.GrouperMessagingRabbitmqSystem
+
+# host address of rabbitmq queue
+grouper.messaging.system.rabbitmqSystem.host = rabbitmq
+
+# virtual host of rabbitmq queue
+grouper.messaging.system.rabbitmqSystem.virtualhost =
+
+# port of rabbitmq queue
+grouper.messaging.system.rabbitmqSystem.port =
+
+grouper.messaging.system.rabbitmqSystem.defaultPageSize = 10
+
+grouper.messaging.system.rabbitmqSystem.maxPageSize = 50
+
+
+# name of a messaging system, required
+grouper.messaging.system.rabbitmq.name = rabbitmq
+
+# default system settings to this messaging system, note, there is only one level of inheritance
+grouper.messaging.system.rabbitmq.defaultSystemName = rabbitmqSystem
+
+grouper.messaging.system.rabbitmq.user = guest
+
+#pass
+grouper.messaging.system.rabbitmq.password.elConfig = ${java.lang.System.getenv().get('RABBITMQ_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(java.lang.System.getenv().get('RABBITMQ_PASSWORD_FILE'), "utf-8") : java.lang.System.getenv().get('RABBITMQ_PASSWORD') }
+# set the following three properties if you want to use TLS connection to rabbitmq. All three need to be populated.
+# TLS Version
+#grouper.messaging.system.rabbitmqSystem.tlsVersion = TLSv1.1
+
+# path to trust store file
+#grouper.messaging.system.rabbitmqSystem.pathToTrustStore =
+
+# trust passphrase
+#grouper.messaging.system.rabbitmqSystem.trustPassphrase =
\ No newline at end of file
diff --git a/test-compose/data/container_files/conf/grouper.hibernate.properties b/test-compose/data/container_files/conf/grouper.hibernate.properties
index 154b8ebf..7e4f1706 100644
--- a/test-compose/data/container_files/conf/grouper.hibernate.properties
+++ b/test-compose/data/container_files/conf/grouper.hibernate.properties
@@ -16,8 +16,6 @@
# e.g. mysql: jdbc:mysql://localhost:3306/grouper
# e.g. p6spy (log sql): [use the URL that your DB requires]
# e.g. oracle: jdbc:oracle:thin:@server.school.edu:1521:sid
-# e.g. hsqldb (a): jdbc:hsqldb:dist/run/grouper;create=true
-# e.g. hsqldb (b): jdbc:hsqldb:hsql://localhost:9001/grouper
# e.g. postgres: jdbc:postgresql://localhost:5432/database
# e.g. mssql: jdbc:sqlserver://localhost:3280;databaseName=grouper
hibernate.connection.url = jdbc:mysql://localhost:3306/grouper?CharSet=utf8&useUnicode=true&characterEncoding=utf8
diff --git a/test-compose/data/container_files/conf/morphString.properties b/test-compose/data/container_files/conf/morphString.properties
new file mode 100644
index 00000000..52479216
--- /dev/null
+++ b/test-compose/data/container_files/conf/morphString.properties
@@ -0,0 +1 @@
+encrypt.key=fh43IRJ4Nf5
diff --git a/test-compose/docker-compose.yml b/test-compose/docker-compose.yml
index c0e21ed3..e4eb940f 100644
--- a/test-compose/docker-compose.yml
+++ b/test-compose/docker-compose.yml
@@ -207,6 +207,8 @@ services:
target: grouper_grouper-loader.properties
- source: subject.properties
target: grouper_subject.properties
+ - source: morphString.properties
+ target: grouper_morphString.properties
volumes:
- type: bind
source: ./configs-and-secrets/grouper/grouper.properties
@@ -267,6 +269,9 @@ secrets:
file: ./configs-and-secrets/grouper/subject.properties
sp-key.pem:
file: ./configs-and-secrets/shibboleth/sp-key.pem
+ morphString.properties:
+ file: ./configs-and-secrets/grouper/morphString.properties
+
volumes:
diff --git a/test-compose/gsh/Dockerfile b/test-compose/gsh/Dockerfile
index 33023280..aeabcdd6 100644
--- a/test-compose/gsh/Dockerfile
+++ b/test-compose/gsh/Dockerfile
@@ -1,4 +1,4 @@
-FROM tier/grouper:latest
+FROM i2incommon/grouper:latest
MAINTAINER tier-packaging@internet2.edu <tier-packaging@internet2.edu>
diff --git a/test-compose/scim/Dockerfile b/test-compose/scim/Dockerfile
index 6b62e1fc..99843d2b 100644
--- a/test-compose/scim/Dockerfile
+++ b/test-compose/scim/Dockerfile
@@ -1,4 +1,4 @@
-FROM tier/grouper:latest
+FROM i2incommon/grouper:latest
LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>"
diff --git a/test-compose/ui/Dockerfile b/test-compose/ui/Dockerfile
index 8fec2ae0..5a8a6431 100644
--- a/test-compose/ui/Dockerfile
+++ b/test-compose/ui/Dockerfile
@@ -1,4 +1,4 @@
-FROM tier/grouper:latest
+FROM i2incommon/grouper:latest
LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>"
diff --git a/test-compose/ws/Dockerfile b/test-compose/ws/Dockerfile
index f5c06b96..ef4802c1 100644
--- a/test-compose/ws/Dockerfile
+++ b/test-compose/ws/Dockerfile
@@ -1,4 +1,4 @@
-FROM tier/grouper:latest
+FROM i2incommon/grouper:latest
LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>"
diff --git a/tests/main.bats b/tests/main.bats
index 0c18d122..c5910c52 100644
--- a/tests/main.bats
+++ b/tests/main.bats
@@ -11,6 +11,6 @@ load ../common
}
-@test "070 There are no known security vulnerabilities" {
- ./tests/clairscan.sh ${maintainer}/${imagename}:latest
-}
+#@test "070 There are no known security vulnerabilities" {
+# ./tests/clairscan.sh ${maintainer}/${imagename}:latest
+#}