.gitignore

@@ -7,3 +7,4 @@ bin/run.sh
 bin/start.sh
 bin/stop.sh
 bin/test.sh
+/.project

Dockerfile

@@ -1,99 +1,57 @@
 FROM centos:centos7 as installing
-
 RUN yum update -y \
-    && yum install -y wget tar unzip dos2unix \
+    && yum install -y wget tar unzip dos2unix patch \
     && yum clean all
+
+RUN yum install -y wget tar unzip dos2unix patch
 
 ARG GROUPER_CONTAINER_VERSION
-
-ENV GROUPER_VERSION=2.4.0 \
-     JAVA_HOME=/usr/lib/jvm/zulu-8/ \
+ENV GROUPER_VERSION=2.6.7 \
      GROUPER_CONTAINER_VERSION=$GROUPER_CONTAINER_VERSION
 
-# use Zulu package
-RUN rpm --import http://repos.azulsystems.com/RPM-GPG-KEY-azulsystems \
-       && curl -o /etc/yum.repos.d/zulu.repo http://repos.azulsystems.com/rhel/zulu.repo \
-       && yum -y install zulu-8 
-
-#RUN java_version=8.0.172; \
-#    zulu_version=8.30.0.1; \
-#    echo 'Downloading the OpenJDK Zulu...' \
-#    && wget -q http://cdn.azul.com/zulu/bin/zulu$zulu_version-jdk$java_version-linux_x64.tar.gz \
-#    && echo "0a101a592a177c1c7bc63738d7bc2930  zulu$zulu_version-jdk$java_version-linux_x64.tar.gz" | md5sum -c - \
-#    && tar -zxvf zulu$zulu_version-jdk$java_version-linux_x64.tar.gz -C /opt \
-#    && ln -s /opt/zulu$zulu_version-jdk$java_version-linux_x64 $JAVA_HOME
-
-#RUN java_version=8u151; \
-#    java_bnumber=12; \
-#    java_semver=1.8.0_151; \
-#    java_hash=123b1d755416aa7579abc03f01ab946e612e141b6f7564130f2ada00ed913f1d; \
-#    echo 'Downloading the Oracle Java...' \ 
-#    && wget --no-check-certificate --no-cookies --header "Cookie: oraclelicense=accept-securebackup-cookie" \
-#    http://download.oracle.com/otn-pub/java/jdk/$java_version-b$java_bnumber/e758a0de34e24606bca991d704f6dcbf/server-jre-$java_version-linux-x64.tar.gz \
-#    && echo "$java_hash  server-jre-$java_version-linux-x64.tar.gz" | sha256sum -c - \
-#    && tar -zxvf server-jre-$java_version-linux-x64.tar.gz -C /opt \
-#    && ln -s /opt/jdk$java_semver/ $JAVA_HOME
+# Install Corretto Java JDK
+#Corretto download page: https://docs.aws.amazon.com/corretto/latest/corretto-8-ug/downloads-list.html
+ARG CORRETTO_URL_PERM=https://corretto.aws/downloads/latest/amazon-corretto-8-x64-linux-jdk.rpm
+ARG CORRETTO_RPM=amazon-corretto-8-x64-linux-jdk.rpm
+COPY container_files/java-corretto/corretto-signing-key.pub .
+RUN curl -O -L $CORRETTO_URL_PERM \
+    && rpm --import corretto-signing-key.pub \
+    && rpm -K $CORRETTO_RPM \
+    && rpm -i $CORRETTO_RPM \
+    && rm -r corretto-signing-key.pub $CORRETTO_RPM
+ENV JAVA_HOME=/usr/lib/jvm/java-1.8.0-amazon-corretto
 
 RUN echo 'Downloading Grouper Installer...' \
     && mkdir -p /opt/grouper/$GROUPER_VERSION \
-    && wget -q -O /opt/grouper/$GROUPER_VERSION/grouperInstaller.jar http://software.internet2.edu/grouper/release/$GROUPER_VERSION/grouperInstaller.jar
-
+    && wget -q -O /opt/grouper/$GROUPER_VERSION/grouperInstaller.jar https://oss.sonatype.org/service/local/repositories/releases/content/edu/internet2/middleware/grouper/grouper-installer/$GROUPER_VERSION/grouper-installer-$GROUPER_VERSION.jar
 COPY container_files/grouper.installer.properties /opt/grouper/$GROUPER_VERSION
 # Temporary morphString file used for building, not used in production
 COPY container_files/morphString.properties /opt/grouper/$GROUPER_VERSION
-
-
 RUN echo 'Installing Grouper'; \
     PATH=$PATH:$JAVA_HOME/bin; \
     cd /opt/grouper/$GROUPER_VERSION/ \
     && $JAVA_HOME/bin/java -cp :grouperInstaller.jar edu.internet2.middleware.grouperInstaller.GrouperInstaller
-
-
-
 FROM centos:centos7 as cleanup
-
-ENV GROUPER_VERSION=2.4.0 \
-    TOMCAT_VERSION=8.5.42 \    
+ENV GROUPER_VERSION=2.6.7 \
     TOMEE_VERSION=7.0.0
-
+RUN mkdir -p /opt/grouper/grouperWebapp/
+RUN mkdir -p /opt/tomee/
 COPY --from=installing /opt/grouper/$GROUPER_VERSION/grouperInstaller.jar /opt/grouper/
-COPY --from=installing /opt/grouper/$GROUPER_VERSION/grouper.apiBinary-$GROUPER_VERSION/ /opt/grouper/grouper.apiBinary/
-COPY --from=installing /opt/grouper/$GROUPER_VERSION/grouper.ui-$GROUPER_VERSION/dist/grouper/ /opt/grouper/grouper.ui/
-COPY --from=installing /opt/grouper/$GROUPER_VERSION/grouper.ws-$GROUPER_VERSION/grouper-ws/build/dist/grouper-ws/ /opt/grouper/grouper.ws/
-COPY --from=installing /opt/grouper/$GROUPER_VERSION/grouper.ws-$GROUPER_VERSION/grouper-ws-scim/targetBuiltin/grouper-ws-scim/ /opt/grouper/grouper.scim/
-#COPY --from=installing /opt/grouper/$GROUPER_VERSION/grouper.clientBinary-$GROUPER_VERSION/ /opt/grouper/grouper.clientBinary/
-COPY --from=installing /opt/grouper/$GROUPER_VERSION/apache-tomcat-$TOMCAT_VERSION/ /opt/tomcat/
-COPY --from=installing /opt/grouper/$GROUPER_VERSION/apache-tomee-webprofile-$TOMEE_VERSION/ /opt/tomee/
+COPY --from=installing /opt/grouper/$GROUPER_VERSION/container/tomee/ /opt/tomee/
+COPY --from=installing /opt/grouper/$GROUPER_VERSION/container/webapp/ /opt/grouper/grouperWebapp/
+RUN ls /opt/grouper/grouperWebapp/
 COPY --from=installing /etc/alternatives/java /etc/alternatives/java
-
-ADD https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.11.0/log4j-core-2.11.0.jar /opt/tomcat/bin
-ADD https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.11.0/log4j-api-2.11.0.jar /opt/tomcat/bin
-ADD https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-jul/2.11.0/log4j-jul-2.11.0.jar /opt/tomcat/bin
-
-ADD https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.11.0/log4j-core-2.11.0.jar /opt/tomee/bin
-ADD https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.11.0/log4j-api-2.11.0.jar /opt/tomee/bin
-ADD https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-jul/2.11.0/log4j-jul-2.11.0.jar /opt/tomee/bin
-
-RUN cd /opt/grouper/grouper.apiBinary/; \
-    rm -fr ddlScripts/ grouper.properties grouper.lck grouper.log grouper.script grouper.tmp/ gshAddGrouperSystemWsGroup.gsh logs/
-
-RUN cd /opt/tomcat/; \
-    chmod +r bin/log4j-*.jar; \
-    rm -fr webapps/docs/ webapps/examples/ webapps/host-manager/ webapps/manager/ webapps/ROOT/ logs/* temp/* work/* conf/logging.properties
-
+RUN ls /opt/grouper/
+RUN ls /opt/grouper/grouperWebapp/WEB-INF
+#ADD https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.11.0/log4j-core-2.11.0.jar /opt/tomee/bin
+#ADD https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.11.0/log4j-api-2.11.0.jar /opt/tomee/bin
+#ADD https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-jul/2.11.0/log4j-jul-2.11.0.jar /opt/tomee/bin
 RUN cd /opt/tomee/; \
-    chmod +r bin/log4j-*.jar; \
     rm -fr webapps/docs/ webapps/host-manager/ webapps/manager/ logs/* temp/* work/* conf/logging.properties
-
-COPY container_files/api/* /opt/grouper/grouper.apiBinary/conf/
-COPY container_files/ui/ /opt/grouper/grouper.ui/WEB-INF/
-COPY container_files/ws/ /opt/grouper/grouper.ws/WEB-INF/
-COPY container_files/tomcat/ /opt/tomcat/
+COPY container_files/api/* /opt/grouper/grouperWebapp/WEB-INF/classes/
 COPY container_files/tomee/ /opt/tomee/
 
-
-FROM tier/shibboleth_sp:3.0.4_03122019
-
+FROM tier/shibboleth_sp:3.1.0_04172020
 LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
       Vendor="TIER" \
       ImageType="Grouper" \
@@ -102,53 +60,67 @@ LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
 
 ARG GROUPER_CONTAINER_VERSION
 
-ENV JAVA_HOME=/usr/lib/jvm/zulu-8/ \
-    PATH=$PATH:$JAVA_HOME/bin \
-    GROUPER_HOME=/opt/grouper/grouper.apiBinary \
+ENV PATH=$PATH:$JAVA_HOME/bin \
+    GROUPER_HOME=/opt/grouper/grouperWebapp/WEB-INF \
     GROUPER_CONTAINER_VERSION=$GROUPER_CONTAINER_VERSION
-
 RUN ln -sf /usr/share/zoneinfo/UTC /etc/localtime
-
 RUN yum update -y \
-    && yum install -y cron logrotate python-pip \
-    && pip install --upgrade pip \
-    && pip install supervisor \
+    && yum install -y cron logrotate python3-pip rsync sudo patch supervisor \
+    && pip3 install --upgrade setuptools \
     && yum clean -y all
+#COPY --from=installing $JAVA_HOME $JAVA_HOME
+# do this again so its in rpm history
+ARG CORRETTO_URL_PERM=https://corretto.aws/downloads/latest/amazon-corretto-8-x64-linux-jdk.rpm
+ARG CORRETTO_RPM=amazon-corretto-8-x64-linux-jdk.rpm
+COPY container_files/java-corretto/corretto-signing-key.pub .
+RUN curl -O -L $CORRETTO_URL_PERM \
+    && rpm --import corretto-signing-key.pub \
+    && rpm -K $CORRETTO_RPM \
+    && rpm -i $CORRETTO_RPM \
+    && rm -r corretto-signing-key.pub $CORRETTO_RPM
+ENV JAVA_HOME=/usr/lib/jvm/java-1.8.0-amazon-corretto
 
-COPY --from=installing $JAVA_HOME $JAVA_HOME
-COPY --from=cleanup /opt/tomcat/ /opt/tomcat/
 COPY --from=cleanup /opt/tomee/ /opt/tomee/
 COPY --from=cleanup /opt/grouper/ /opt/grouper/
-
 RUN groupadd -r tomcat \
     && useradd -r -m -s /sbin/nologin -g tomcat tomcat \
-    && mkdir -p /opt/tomcat/logs/ /opt/tomcat/temp/ /opt/tomcat/work/ \
-    && chown -R tomcat:tomcat /opt/tomcat/logs/ /opt/tomcat/temp/ /opt/tomcat/work/ \
-    && chown -R tomcat:tomcat /opt/tomee/logs/ /opt/tomee/temp/ /opt/tomee/work/ \
-    && ln -s $JAVA_HOME/bin/java /etc/alternatives/java
-
-# does shib sp3 not generate these files?
-# RUN rm /etc/shibboleth/sp-key.pem /etc/shibboleth/sp-cert.pem
-
+    && rm -f /etc/alternatives/java \
+    && ln -s $JAVA_HOME/bin/java /etc/alternatives/java \
+    && mkdir -p /opt/tomee/conf/Catalina/localhost/ 
+
 COPY container_files/tier-support/ /opt/tier-support/
 COPY container_files/usr-local-bin/ /usr/local/bin/
+RUN chmod +x /usr/local/bin/*.sh
 COPY container_files/httpd/* /etc/httpd/conf.d/
 COPY container_files/shibboleth/* /etc/shibboleth/
-
-RUN cp /dev/null /etc/httpd/conf.d/ssl.conf \
-    && sed -i 's/LogFormat "/LogFormat "httpd;access_log;%{ENV}e;%{USERTOKEN}e;/g' /etc/httpd/conf/httpd.conf \
-    && echo -e "\nErrorLogFormat \"httpd;error_log;%{ENV}e;%{USERTOKEN}e;[%{u}t] [%-m:%l] [pid %P:tid %T] %7F: %E: [client\ %a] %M% ,\ referer\ %{Referer}i\"" >> /etc/httpd/conf/httpd.conf \
-    && sed -i 's/CustomLog "logs\/access_log"/CustomLog "\/tmp\/logpipe"/g' /etc/httpd/conf/httpd.conf \
-    && sed -i 's/ErrorLog "logs\/error_log"/ErrorLog "\/tmp\/logpipe"/g' /etc/httpd/conf/httpd.conf \
-    && echo -e "\nPassEnv ENV" >> /etc/httpd/conf/httpd.conf \
-    && echo -e "\nPassEnv USERTOKEN" >> /etc/httpd/conf/httpd.conf
-
-WORKDIR /opt/grouper/grouper.apiBinary/
-
+RUN cp /dev/null /etc/httpd/conf.d/ssl.conf
+RUN rm -f /opt/tomee/bin/log4j-*
+COPY container_files/tier-support/log4j_fix/tomeeBin/log4j-* /opt/tomee/bin/
+RUN rm -f /opt/tomee/lib/slf4j-*
+COPY container_files/tier-support/log4j_fix/tomeeLib/slf4j-* /opt/tomee/lib/
+RUN rm -f /opt/grouper/grouperWebapp/WEB-INF/lib/slf4j-api-*
+COPY container_files/tier-support/log4j_fix/webinfLib/* /opt/grouper/grouperWebapp/WEB-INF/lib/
+
+
+# this is to improve openshift
+RUN touch /opt/grouper/grouperEnv.sh \
+    && mkdir -p /opt/tomee/work/Catalina/localhost/ \
+    && chown -R tomcat:root  /opt/grouper/ /etc/httpd/conf/ /home/tomcat/ /opt/tomee/ /usr/local/bin /etc/httpd/conf.d/ /opt/tier-support/ \
+    && chmod -R g+rwx /opt/grouper/ /etc/httpd/conf/ /home/tomcat/ /opt/tomee/ /usr/local/bin /etc/httpd/conf.d/ /opt/tier-support/
+
+# keep backup of files
+RUN mkdir -p /opt/tier-support/originalFiles ; \
+  cp /opt/grouper/grouperWebapp/WEB-INF/classes/log4j2.xml /opt/tier-support/originalFiles 2>/dev/null ; \
+  cp /etc/httpd/conf/httpd.conf /opt/tier-support/originalFiles 2>/dev/null ; \
+  cp /etc/httpd/conf.d/ssl-enabled.conf /opt/tier-support/originalFiles 2>/dev/null ; \
+  cp /etc/httpd/conf.d/httpd-shib.conf /opt/tier-support/originalFiles 2>/dev/null ; \
+  cp /etc/httpd/conf.d/shib.conf /opt/tier-support/originalFiles 2>/dev/null ; \
+  cp /opt/tomee/conf/server.xml /opt/tier-support/originalFiles 2>/dev/null ; \
+  cp /opt/tomee/conf/Catalina/localhost/grouper.xml /opt/tier-support/originalFiles 2>/dev/null ; \
+  cp /opt/grouper/grouperWebapp/WEB-INF/web.xml /opt/tier-support/originalFiles 2>/dev/null
+
+WORKDIR /opt/grouper/grouperWebapp/WEB-INF/
 EXPOSE 80 443
-
 HEALTHCHECK NONE
-
 ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
-
-CMD ["bin/gsh", "-loader"]
+# CMD ["bin/gsh.sh", "-loader"]

Jenkinsfile

@@ -12,7 +12,7 @@ pipeline {
                 script {
                     maintainer = maintain()
                     imagename = imagename()
-                    if(env.BRANCH_NAME == "master") {
+                    if(env.BRANCH_NAME == "main") {
                        tag = "latest"
                     } else {
                        tag = env.BRANCH_NAME
@@ -51,12 +51,17 @@ pipeline {
             steps {
                 script {
                   try{
-                      docker.withRegistry('https://registry.hub.docker.com/',   "dockerhub-$maintainer") {
+                      // statically defining jenkins credential value dockerhub-tier
+                      docker.withRegistry('https://registry.hub.docker.com/',   "dockerhub-tier") {
                         baseImg = docker.build("$maintainer/$imagename", "--build-arg GROUPER_CONTAINER_VERSION=$tag --no-cache .")
                       }
+                      // test the environment 
+                      // sh 'cd test-compose && ./compose.sh'
+                      // bring down after testing
+                      // sh 'cd test-compose && docker-compose down'
                   } catch(error) {
                      def error_details = readFile('./debug');
-                     def message = "BUILD ERROR: There was a problem building ${imagename}:${tag}. \n\n ${error_details}"
+                      def message = "BUILD ERROR: There was a problem building ${maintainer}/${imagename}:${tag}. \n\n ${error_details}"
                      sh "rm -f ./debug"
                      handleError(message)
                   }
@@ -70,7 +75,7 @@ pipeline {
                      sh 'bin/test.sh 2>&1 | tee debug ; test ${PIPESTATUS[0]} -eq 0'
                    } catch (error) {
                      def error_details = readFile('./debug')
-                     def message = "BUILD ERROR: There was a problem testing ${imagename}:${tag}. \n\n ${error_details}"
+                     def message = "BUILD ERROR: There was a problem testing ${maintainer}/${imagename}:${tag}. \n\n ${error_details}"
                      sh "rm -f ./debug"
                      handleError(message)
                    } 
@@ -81,21 +86,8 @@ pipeline {
         stage('Push') {
             steps {
                 script {
-                      //// scan the image with clair
-                      // sh 'docker run -p 5432:5432 -d --name clairdb arminc/clair-db:latest'
-                      // sh 'docker run -p 6060:6060 --link clairdb:postgres -d --name clair arminc/clair-local-scan:v2.0.5'
-                      // sh 'curl -L -o clair-scanner https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64'
-                      // sh 'chmod 755 clair-scanner'
-                      // sh "./clair-scanner --ip 172.17.0.1 -r test.out $maintainer/$imagename:latest"
-                      //// test the environment
-                      // sh 'docker kill clairdb'
-                      // sh 'docker rm clairdb'
-                      // sh 'docker kill clair'
-                      // sh 'docker rm clair'
-                      // sh 'cd test-compose && ./compose.sh'
-                      //// bring down after testing
-                      //sh 'cd test-compose && docker-compose down'
-                      docker.withRegistry('https://registry.hub.docker.com/',   "dockerhub-$maintainer") {
+                        // statically defining jenkins credential value dockerhub-tier
+                        docker.withRegistry('https://registry.hub.docker.com/',   "dockerhub-tier") {
                         baseImg.push("$tag")
                       }
                   }

LICENSE

@@ -7,7 +7,7 @@
    1. Definitions.
 
       "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
+      and distribution as defined by Sections 1 through 9 of this document
 
       "Licensor" shall mean the copyright owner or entity authorized by
       the copyright owner that is granting the License.