diff --git a/.dockerignore b/.dockerignore index 333dbd9..b66e30b 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,3 +1,4 @@ .git/ test-compose/ *.md +manualBuild.sh \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index 2e9fa64..eeccd7b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -92,13 +92,14 @@ COPY --from=cleanup /opt/grouper/ /opt/grouper/ COPY container_files/tier-support/ /opt/tier-support/ COPY container_files/usr-local-bin /usr/local/bin/ -COPY container_files/httpd/grouper-www.conf /etc/httpd/conf.d/ +COPY container_files/httpd/* /etc/httpd/conf.d/ COPY container_files/shibboleth/* /etc/shibboleth/ -RUN cp /dev/null /etc/httpd/conf.d/ssl.conf +RUN cp /dev/null /etc/httpd/conf.d/ssl.conf \ + && touch /etc/pki/tls/certs/cachain.pem WORKDIR /opt/grouper/grouper.apiBinary/ EXPOSE 80 443 -CMD ["/bin/sh", "bin/gsh", "-loader"] +CMD ["bin/gsh", "-loader"] diff --git a/README.md b/README.md index 8b13789..0dc1cdb 100644 --- a/README.md +++ b/README.md 
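Review bot: The new default `CMD ["bin/gsh", "-loader"]` at the end of the Dockerfile hunk starts the loader directly, so a container run without an explicit role never calls `prepDaemon` from `library.sh` and nothing under `/run/secrets` is linked into the conf directory. Making the default `CMD ["daemon"]` would send the default start through the same secret-linking path as the documented `daemon` role; this assumes `/usr/local/bin` is on PATH, as the README's `tier/grouper:latest daemon` usage suggests. The same applies to `CMD ["bin/gsh", "-loader"]` in test-compose/daemon/Dockerfile and `CMD ["bin/gsh"]` in test-compose/gsh/Dockerfile, where the compose file assigns `grouper_*` secrets that nothing visible links for gsh. The exec form also requires `bin/gsh` to be executable with a valid shebang now that `/bin/sh` is dropped, which cannot be checked from this diff.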
@@ -1 +1,196 @@ +# Supported tags + +- latest + +# Quick reference + +- **Where to get help**: + [TODO](http://example.com/help) + +- **Where to file issues**: + [https://github.internet2.edu/docker/grouper_noVM/issues](https://github.internet2.edu/docker/grouper_noVM/issues) + +- **Maintained by**: + [TIER Packaging Working Group](https://spaces.internet2.edu/display/TPWG) + +- **Supported Docker versions**: + [the latest release](https://github.com/docker/docker-ce/releases/latest) (down to 1.6 on a best-effort basis) + +# What is Grouper? + +Grouper is an enterprise access management system designed for the highly distributed management environment and heterogeneous information technology environment common to universities. Operating a central access management system that supports both central and distributed IT reduces risk. + +> [www.internet2.edu/products-services/trust-identity/grouper/](https://www.internet2.edu/products-services/trust-identity/grouper/) + +![logo](https://www.internet2.edu/media/medialibrary/2013/10/15/image_grouper_logowordmark_bw.png) + +# How to use this image +This image provides support for each of the Grouper components/roles: Grouper Daemon/Loader, Grouper UI, and Grouper Web Services. + +## Starting each role + +While TIER recommends/supports using Docker Swarm for orchestrating the Grouper environment, these containers can be run directly. Both examples are shown below. It should be noted that these examples will not run independently, but required additional configuration components to be provided before each container will start as expected. + +### Daemon/Loader + +Run the Grouper Daemon/Loader as a service. + +```console +$ docker service create --detach --name grouper-daemon tier/grouper:latest daemon +``` + +Run the Grouper Daemon/Loader as a standalone container. + +```console +$ docker run --detach --name grouper-daemon tier/grouper:latest daemon +``` + +### UI + +Runs the Grouper UI as a service. 
+ +```console +$ docker service create --detach --publish 443:443 --name grouper-ui tier/grouper:latest ui +``` + +Runs the Grouper UI in a standalone container. + +```console +$ docker run --detach --name --publish 443:443 grouper-ui tier/grouper:latest ui +``` + +### Web Services + +Runs the Grouper Web Services as a service. + +```console +$ docker service create --detach --publish 8443:443 --name grouper-ws tier/grouper:latest ws +``` + +Runs the Grouper Web Services in a standalone container. + +```console +$ docker run --detach --publish 8443:443 --name grouper-daemon tier/grouper:latest ws +``` + +### UI and Web Services + +This good when first starting to work with Grouper, but when scaling Grouper UI or Web Services it is advisable to use the individual roles noted above. + +Runs the Grouper UI and Web Services as a combined service. (You should really run these as individual roles to take advantage of Docker service replicas.) + +```console +$ docker service create --detach --publish 443:443 --name grouper-web tier/grouper:latest ui-ws +``` + +Runs the Grouper UI and Web Services in a combined container. This good when first starting to work with Grouper, but when scaling Grouper UI or Web Services it is advisable to use the individual roles noted above. + +```console +$ docker run --detach --publish 443:443 --name grouper-web tier/grouper:latest ui-ws +``` + +### GSH + +Runs the Grouper Shell in a throwaway container. This makes it easy to run Grouper commands and Grouper Shell scripts. Since it is interactive it does not run as a service. + +```console +$ docker run -it --rm tier/grouper:latest bin/gsh +``` + +# Configuration + +## Grouper Configurations +There are several things that are required for this image to successfully start. At a minimum, the `grouper.hibernate.properties` and `subject.properties` (or the old `sources.xml` equivalent) files need to be customized and available to the container at start-up. 
+ +## Web Apps Configuration +If starting the container to serve the Grouper UI or Grouper Web Services components, a TLS key and cert(s) need to be applied to those containers. + +The Grouper UI also requires some basic Shibboleth SP configuration. The `/etc/shibboleth/shibboleth2.xml` file should be modified to set: +- an entityId for the SP +- load IdP or federation metadata +- set the SP's encryption keys +- the identity attribute of the subject to be passed to Grouper + +If encrpytion keys are defined in the `shibboleth2.xml` file, then the key/cert should be provided as well. The `attribute-map.xml` file has most of the common identity attributes pre-configured, but it (and other Shibbolrth SP files) can be overlaid/replaced as necessary. + +## General Configuration Mechanism +There are three primary ways to provide the Grouper and additional configuration to the container: Docker Config/Secrets, customized images, and bind mounts. Depending upon your needs you may use a combination of two or three of these options. + +### Secrets/Configs + +Docker Config and Docker Secrets is Docker's way of providing configurations files to a container. The primary difference between the Config and Secrets functionality is that Secrets is designed to protect resrouces that sensitive files. + +This image will make any secrets (containing a period in the secret name) available to the appropriate Grouper component's conf directory (i.e. `/conf` or `WEB-INF/classes`). These file will supercede any in the underlying image. + +Secrets can be managed using the `docker secret` command: `docker secret create grouper.hibernate.properties ./grouper.hibernate.properties`. This will securely store the file in the swarm. Secrets can then be assigned to the service `docker service create -d --name daemon --secret grouper.hibernate.properties --secret sources.xml tier/grouper daemon`. + +> `docker run` does not support secrets; Bind mounts need to be used instead. 
+ +### Bind Mounts + +Bind mounts can be used to connect files on the Docker host into the container. When not running in swarm mode, the secrets are supported, so we can use a bind mount to provide the container with the configuration files. + +``` +docker run --detach --name daemon \ + --mount type=bind,src=$(pwd)/grouper.hibernate.properties,dst=/run/secrets/grouper.hibernate.properties \ + --mount type=bind,src=$(pwd)/sources.xml,dst=/run/secrets/sources.xml \ + tier/grouper daemon +``` + +### Customized Images + +Deployers will undoubtedly want to add in their files to the container; things like addtional jar files defining Grouper Hooks, or things like own images, css files, anything. This can be accomplished by building custom images. **Deployers should NOT use this method to store sensitive configuration files.** + +To add a favicon to the Grouper UI, we use the tier/grouper images as a base and `COPY` our local `favicon.ico` into the image. While we are at it, we define this image as a UI image by specifying the default commnd (i.e `CMD`) of `ui`. + +```Dockerfile +FROM tier/grouper:latest + +COPY favicon.ico /opt/grouper/grouper.ui/dist/grouper/ + +CMD ui +``` + +To build our image: + +``` +docker build --tag=org/grouper-ui . +``` + +This image can now be used locally or pushed to an organization's Docker repository. + + +## Memory Limits +(TODO) + + +# File System Endpoints +Significant directories and files that deployers should be aware of. + +- `/grouper/conf/`: a common directory to place non-sensitive config files that will be placed into the appropriate location for each Grouper component at container start-up. +- `/grouper/lib/`: a common directory to place additional jar files that will be placed into the appropriate location for each Grouper component at container start-up. + +- `/etc/httpd/conf.d/ssl-enabled.conf`: Can be overlaid to change the TLS settings when running Grouper UI or Web Servicse. 
+- `/etc/shibboleth/`: location to overlay the Shibboleth SP configuration files used by the image. +- `/opt/grouper/grouper.apiBinary/`: location to overlay Grouper GSH or Daemon/Loader files. +- `/opt/grouper/grouper.ui/dist/grouper/`: location to overlay Grouper UI web application files. +- `/opt/grouper/grouper.ws/dist/grouper-ws/`: location to overlay Grouper Web Services web application files. + +To examine baseline image files, one might run `docker run --name=temp -it tier/grouper bash` and browse through these endpoints. While the container is running one may copy files out of the image/container using something like `docker cp temp:/opt/grouper/grouper.api/conf/grouper.properties .`, which will copy the `grouper.properties` to the host's present working directory. These files can then be edited and applied via the mechanisms outlined above. + +# Provisioning a Grouper Database +(TODO) + +``` +docker run --detach --rm --name daemon \ + --mount type=bind,src=$(pwd)/grouper.hibernate.properties,dst=/run/secrets/grouper.hibernate.properties \ + tier/grouper gsh -registry -check -runscript -noprompt +``` + + +# License + +View [license information](TODO) for the software contained in this image. + +As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained). diff --git a/container_files/httpd/grouper-www.conf b/container_files/httpd/grouper-www.conf index 6c92c65..6d15d22 100644 --- a/container_files/httpd/grouper-www.conf +++ b/container_files/httpd/grouper-www.conf 
@@ -1,28 +1,15 @@ - Timeout 2400 - ProxyTimeout 2400 - ProxyBadHeader Ignore - - ProxyPass /Shibboleth.sso ! - ProxyPass /grouper ajp://localhost:8009/grouper timeout=2400 - ProxyPass /grouper-ws ajp://localhost:8009/grouper-ws timeout=2400 - - - AuthType shibboleth - ShibRequestSetting requireSession 1 - ShibRequireSession on - ShibUseHeaders On - require shibboleth - - - # modern configuration, tweak to your needs - SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 - SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 - SSLHonorCipherOrder on - SSLCompression off - - # OCSP Stapling, only in httpd 2.3.3 and later - SSLUseStapling on - SSLStaplingResponderTimeout 5 - SSLStaplingReturnResponderErrors off - SSLStaplingCache shmcb:/var/run/ocsp(128000) +Timeout 2400 +ProxyTimeout 2400 +ProxyBadHeader Ignore + +ProxyPass /grouper ajp://localhost:8009/grouper timeout=2400 +ProxyPass /grouper-ws ajp://localhost:8009/grouper-ws timeout=2400 + + + AuthType shibboleth + ShibRequestSetting requireSession 1 + ShibRequireSession on + ShibUseHeaders On + require shibboleth + diff --git a/container_files/httpd/ssl-enabled.conf b/container_files/httpd/ssl-enabled.conf new file mode 100644 index 0000000..00d75a4 --- /dev/null +++ b/container_files/httpd/ssl-enabled.conf 
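Review bot: `ShibUseHeaders On` hands the Shibboleth attributes to the application as HTTP request headers, which is the mechanism the Shibboleth SP documentation advises against because any path where a header is not scrubbed lets the client supply it. Since the backend is reached over `ajp://localhost:8009`, the attributes can travel as AJP request attributes instead: `ShibUseHeaders Off` here plus `attributePrefix="AJP_"` on the ApplicationDefaults element in shibboleth2.xml, provided Grouper reads the identity from request attributes or REMOTE_USER (not visible in this diff). The container directive that encloses the `AuthType shibboleth` block is not visible in this extract, so which path it protects cannot be confirmed from here. `ShibRequireSession on` duplicates `ShibRequestSetting requireSession 1` and can be dropped.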
@@ -0,0 +1,28 @@ +# modern configuration, tweak to your needs +SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 +SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 +SSLHonorCipherOrder on +SSLCompression off + +# OCSP Stapling, only in httpd 2.3.3 and later +SSLUseStapling on +SSLStaplingResponderTimeout 5 +SSLStaplingReturnResponderErrors off +SSLStaplingCache shmcb:/var/run/ocsp(128000) + +Listen 443 https + + RewriteEngine on + RewriteRule "^/$" "/grouper/" [R] + + SSLEngine on + SSLCertificateChainFile /etc/pki/tls/certs/cachain.pem + + SSLCertificateFile /etc/pki/tls/certs/host-cert.pem + + SSLCertificateKeyFile /etc/pki/tls/private/host-key.pem + + # HSTS (mod_headers is required) (15768000 seconds = 6 months) + Header always set Strict-Transport-Security "max-age=15768000" + + diff --git a/container_files/shibboleth/shibd.logger b/container_files/shibboleth/shibd.logger deleted file mode 100644 index 2589b43..0000000 --- a/container_files/shibboleth/shibd.logger +++ /dev/null 
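Review bot: `SSLCertificateChainFile /etc/pki/tls/certs/cachain.pem` points at a file the Dockerfile creates empty with `touch`, so unless a deployer overlays it the server presents only the leaf certificate, and nothing in this file says so. A comment above the directive would cover it: `# cachain.pem is an empty placeholder in the image; mount the issuing CA chain here, with host-cert.pem and host-key.pem alongside it`. The HSTS header only protects a client after its first HTTPS visit, and the image still exposes port 80 while the `ProxyPass` rules in grouper-www.conf now sit at column 0. If those rules apply at server scope (the container tags are not visible in this extract), the UI is also served over plain HTTP, and a redirect to HTTPS on port 80 would be worth adding.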
@@ -1,69 +0,0 @@ -# set overall behavior -log4j.rootCategory=DEBUG, shibd_log, warn_log - -# fairly verbose for DEBUG, so generally leave at DEBUG -log4j.category.XMLTooling.XMLObject=DEBUG -log4j.category.XMLTooling.KeyInfoResolver=DEBUG -log4j.category.Shibboleth.IPRange=DEBUG -log4j.category.Shibboleth.PropertySet=DEBUG - -# raise for low-level tracing of SOAP client HTTP/SSL behavior -log4j.category.XMLTooling.libcurl=DEBUG - -# useful categories to tune independently: -# -# tracing of SAML messages and security policies -#log4j.category.OpenSAML.MessageDecoder=DEBUG -#log4j.category.OpenSAML.MessageEncoder=DEBUG -#log4j.category.OpenSAML.SecurityPolicyRule=DEBUG -#log4j.category.XMLTooling.SOAPClient=DEBUG -# interprocess message remoting -#log4j.category.Shibboleth.Listener=DEBUG -# mapping of requests to applicationId -#log4j.category.Shibboleth.RequestMapper=DEBUG -# high level session cache operations -#log4j.category.Shibboleth.SessionCache=DEBUG -# persistent storage and caching -#log4j.category.XMLTooling.StorageService=DEBUG - -# logs XML being signed or verified if set to DEBUG -log4j.category.XMLTooling.Signature.Debugger=DEBUG, sig_log -log4j.additivity.XMLTooling.Signature.Debugger=false - -# the tran log blocks the "default" appender(s) at runtime -# Level should be left at DEBUG for this category -log4j.category.Shibboleth-TRANSACTION=DEBUG, tran_log -log4j.additivity.Shibboleth-TRANSACTION=false -# uncomment to suppress particular event types -#log4j.category.Shibboleth-TRANSACTION.AuthnRequest=WARN -#log4j.category.Shibboleth-TRANSACTION.Login=WARN -#log4j.category.Shibboleth-TRANSACTION.Logout=WARN - -# define the appenders - -log4j.appender.shibd_log=org.apache.log4j.RollingFileAppender -log4j.appender.shibd_log.fileName=/var/log/shibboleth/shibd.log -log4j.appender.shibd_log.maxFileSize=1000000 -log4j.appender.shibd_log.maxBackupIndex=10 -log4j.appender.shibd_log.layout=org.apache.log4j.PatternLayout 
-log4j.appender.shibd_log.layout.ConversionPattern=%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n - -log4j.appender.warn_log=org.apache.log4j.RollingFileAppender -log4j.appender.warn_log.fileName=/var/log/shibboleth/shibd_warn.log -log4j.appender.warn_log.maxFileSize=1000000 -log4j.appender.warn_log.maxBackupIndex=10 -log4j.appender.warn_log.layout=org.apache.log4j.PatternLayout -log4j.appender.warn_log.layout.ConversionPattern=%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n -log4j.appender.warn_log.threshold=WARN - -log4j.appender.tran_log=org.apache.log4j.RollingFileAppender -log4j.appender.tran_log.fileName=/var/log/shibboleth/transaction.log -log4j.appender.tran_log.maxFileSize=1000000 -log4j.appender.tran_log.maxBackupIndex=20 -log4j.appender.tran_log.layout=org.apache.log4j.PatternLayout -log4j.appender.tran_log.layout.ConversionPattern=%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n - -log4j.appender.sig_log=org.apache.log4j.FileAppender -log4j.appender.sig_log.fileName=/var/log/shibboleth/signature.log -log4j.appender.sig_log.layout=org.apache.log4j.PatternLayout -log4j.appender.sig_log.layout.ConversionPattern=%m diff --git a/container_files/tier-support/grouper-ws.xml b/container_files/tier-support/grouper-ws.xml index 628533a..e4812a4 100644 --- a/container_files/tier-support/grouper-ws.xml +++ b/container_files/tier-support/grouper-ws.xml @@ -1 +1,4 @@ - + + + + diff --git a/container_files/tier-support/grouper.xml b/container_files/tier-support/grouper.xml index 8d9f878..d9c6134 100644 --- a/container_files/tier-support/grouper.xml +++ b/container_files/tier-support/grouper.xml @@ -1,3 +1,4 @@ - + + + + diff --git a/container_files/tier-support/supervisord-web.conf b/container_files/tier-support/supervisord-web.conf index fe738ac..34ace41 100644 --- a/container_files/tier-support/supervisord-web.conf +++ b/container_files/tier-support/supervisord-web.conf 
@@ -1,6 +1,3 @@ -[unix_http_server] -file=/tmp/supervisor.sock ; path to your socket file - [supervisord] logfile=/dev/fd/1 ; supervisord log file logfile_maxbytes=0 ; maximum size of logfile before rotation diff --git a/container_files/usr-local-bin/client b/container_files/usr-local-bin/client deleted file mode 100755 index 8a851ab..0000000 --- a/container_files/usr-local-bin/client +++ /dev/null @@ -1,61 +0,0 @@ -#!/bin/bash -set -x - -/usr/sbin/ns-slapd -D /etc/dirsrv/slapd-dir -mysqld_safe & - -while ! curl -s localhost:3306 > /dev/null; do echo waiting for mysql to start; sleep 2; done; -while ! curl -s "ldap://localhost:389" > /dev/null; do echo waiting for 389-ds to start; sleep 2; done; - -if [ -z "$disable" ] -then - disabled_components= -else - IFS=',' read -ra disabled_components <<< "$disable" -fi - -if [ -z "$enable" ] -then - enabled_components= -else - IFS=',' read -ra enabled_components <<< "$enable" -fi - -if [[ "${disabled_components[@]}" =~ "UI" ]] -then - mv /opt/tomcat/webapps/grouper/ /opt/apache-tomcat/grouper-disabled - rm /opt/tomcat/webapps/grouper.war -fi - -if [[ "${disabled_components[@]}" =~ "WS" ]] -then - mv /opt/tomcat/webapps/grouper-ws/ /opt/tomcat/ws-disabled - rm /opt/tomcat/webapps/grouper-ws.war -fi - -rm -rf /opt/tomcat/work/* - -if [[ ! "${disabled_components[@]}" =~ "TOMCAT" ]] -then - /opt/tomcat/bin/startup.sh -fi - -cd /opt/grouper.apiBinary-2.3.0/ -bin/gsh /seed-data/bootstrap.gsh - -if [[ ! "${disabled_components[@]}" =~ "SAMPLE-JOBS" ]] -then - bin/gsh /seed-data/sample-jobs-bootstrap.gsh -fi - -if [[ "${enabled_components[@]}" =~ "TIER" ]] -then - bin/gsh /seed-data/tier-bootstrap.gsh -fi - -if [[ ! "${disabled_components[@]}" =~ "DAEMON" ]] -then - bin/gsh -loader & -fi - -tail -f /opt/grouper.apiBinary-2.3.0/logs/grouper_error.log diff --git a/container_files/usr-local-bin/daemon b/container_files/usr-local-bin/daemon new file mode 100755 index 0000000..4ce9bff --- /dev/null 
+++ b/container_files/usr-local-bin/daemon @@ -0,0 +1,8 @@ +#!/bin/bash +set -x + +. /usr/local/bin/library.sh + +prepDaemon + +exec bin/gsh -loader diff --git a/container_files/usr-local-bin/library.sh b/container_files/usr-local-bin/library.sh new file mode 100644 index 0000000..fcf92cc --- /dev/null +++ b/container_files/usr-local-bin/library.sh @@ -0,0 +1,58 @@ +#!/bin/sh + +linkGrouperSecrets() { + for filepath in /run/secrets/*; do + local label_file=`basename $filepath` + local file=$(echo $label_file| cut -d'_' -f 2) + + if [[ $label_file == grouper_* ]]; then + ln -sf /run/secrets/$label_file $1/$file + elif [[ $label_file == shib_* ]]; then + ln -sf /run/secrets/$label_file /etc/shibboleth/$file + elif [[ $label_file == httpd_* ]]; then + ln -sf /run/secrets/$label_file /etc/httpd/conf.d/$file + elif [ "$label_file" == "host-key.pem" ]; then + ln -sf /run/secrets/host-key.pem /etc/pki/tls/private/host-key.pem + fi + done +} + +prepDaemon() { + local dest=/opt/grouper/grouper.apiBinary + linkGrouperSecrets $dest/conf + + if [ -d "/opt/grouper/conf" ]; then + cp /opt/grouper/conf/* $dest/conf/ + fi + if [ -d "/opt/grouper/lib" ]; then + cp /opt/grouper/lib/* $dest/lib/ + fi +} + +prepUI() { + local dest=/opt/grouper/grouper.ui/dist/grouper/WEB-INF + linkGrouperSecrets $dest/classes + + if [ -d "/opt/grouper/conf" ]; then + cp /opt/grouper/conf/* $dest/classes/ + fi + if [ -d "/opt/grouper/lib" ]; then + cp /opt/grouper/lib/* $dest/lib/ + fi + + cp /opt/tier-support/grouper.xml /opt/tomcat/conf/Catalina/localhost/ +} + +prepWS() { + local dest=/opt/grouper/grouper.ws/dist/grouper-ws/WEB-INF + linkGrouperSecrets $dest/classes + + if [ -d "/opt/grouper/conf" ]; then + cp /opt/grouper/conf/* $dest/classes/ + fi + if [ -d "/opt/grouper/lib" ]; then + cp /opt/grouper/lib/* $dest/lib/ + fi + + cp /opt/tier-support/grouper-ws.xml /opt/tomcat/conf/Catalina/localhost/ +} \ No newline at end of file 
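Review bot: `linkGrouperSecrets` derives the target name with `cut -d'_' -f 2`, which keeps only the second underscore-separated field, so a secret named `grouper_my_hook.properties` is linked as `my`; the expansions `$filepath`, `$label_file`, `$1` and `$file` are also unquoted, and the `#!/bin/sh` shebang does not match the `[[ ... ]]` tests. Stripping the prefix with parameter expansion and quoting, as in the fence below, removes all three problems. Separately, `prepDaemon`, `prepUI` and `prepWS` link the secrets first and then run `cp /opt/grouper/conf/* ...`; `cp` writes through an existing symlink, so a same-named file in `/opt/grouper/conf` would overwrite the secret's content (or fail on a read-only mount), and copying before linking gives secrets the precedence the README describes. The README also says secrets are recognised by a period in the name and shows bind mounts to `/run/secrets/grouper.hibernate.properties`, which this prefix matching ignores; the directories it names (`/grouper/conf/`, `/grouper/lib/`) differ from the `/opt/grouper/conf` and `/opt/grouper/lib` paths used here.

```shell
linkGrouperSecrets() {
    local filepath label_file
    for filepath in /run/secrets/*; do
        # the glob stays literal when no secrets are mounted
        [ -e "$filepath" ] || continue
        label_file=${filepath##*/}

        # strip only the routing prefix, keep the rest of the name intact
        case "$label_file" in
            grouper_*)    ln -sf "$filepath" "$1/${label_file#grouper_}" ;;
            shib_*)       ln -sf "$filepath" "/etc/shibboleth/${label_file#shib_}" ;;
            httpd_*)      ln -sf "$filepath" "/etc/httpd/conf.d/${label_file#httpd_}" ;;
            host-key.pem) ln -sf "$filepath" /etc/pki/tls/private/host-key.pem ;;
        esac
    done
}
# … unchanged: prepDaemon, prepUI, prepWS (apart from moving the cp steps before the linkGrouperSecrets call) …
```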
diff --git a/container_files/usr-local-bin/loader b/container_files/usr-local-bin/loader deleted file mode 100755 index 48b887b..0000000 --- a/container_files/usr-local-bin/loader +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash -set -x - -exec bin/gsh -loader \ No newline at end of file diff --git a/container_files/usr-local-bin/ui b/container_files/usr-local-bin/ui index 819b1e3..a451c8b 100755 --- a/container_files/usr-local-bin/ui +++ b/container_files/usr-local-bin/ui @@ -1,6 +1,8 @@ #!/bin/bash set -x -mv /opt/tier-support/grouper.xml /opt/tomcat/conf/Catalina/localhost/ +. /usr/local/bin/library.sh -exec supervisord -c /opt/tier-support/supervisord-web.conf +prepUI + +exec /usr/bin/supervisord -c /opt/tier-support/supervisord-web.conf diff --git a/container_files/usr-local-bin/ui-ws b/container_files/usr-local-bin/ui-ws new file mode 100755 index 0000000..46e0471 --- /dev/null +++ b/container_files/usr-local-bin/ui-ws @@ -0,0 +1,9 @@ +#!/bin/bash +set -x + +. /usr/local/bin/library.sh + +prepUI +prepWS + +/usr/bin/supervisord -c /opt/tier-support/supervisord-web.conf diff --git a/container_files/usr-local-bin/ws b/container_files/usr-local-bin/ws index 5ede59a..e748390 100755 --- a/container_files/usr-local-bin/ws +++ b/container_files/usr-local-bin/ws @@ -1,6 +1,8 @@ #!/bin/bash set -x -mv /opt/tier-support/grouper-ws.xml /opt/tomcat/conf/Catalina/localhost/ +. /usr/local/bin/library.sh -exec supervisord -c /opt/tier-support/supervisord-web.conf +prepWS + +exec /usr/bin/supervisord -c /opt/tier-support/supervisord-web.conf diff --git a/manualBuild.sh b/manualBuild.sh index 120ab41..72b161b 100755 --- a/manualBuild.sh +++ b/manualBuild.sh 
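Review bot: The last line of the new ui-ws script starts supervisord without `exec`, unlike the ui and ws scripts changed in the same commit, so bash remains PID 1 and the SIGTERM sent by `docker stop` is not passed on to supervisord. The container is then killed after the grace period without a clean shutdown of the supervised processes. Changing the line to `exec /usr/bin/supervisord -c /opt/tier-support/supervisord-web.conf` makes the three role scripts consistent.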
@@ -1,11 +1,4 @@ -docker pull centos:centos7 \ -&& docker build --tag=tier/grouper-java-base:7u95 java-base \ -&& docker build --tag=tier/grouper-api:2.3.0 api \ -&& docker build --tag=tier/grouper-daemon:2.3.0 daemon \ -&& docker build --tag=tier/grouper-web-base:2.3.0 web-base \ -&& docker build --tag=tier/grouper-ui:2.3.0 ui \ -&& docker build --tag=tier/grouper-ws:2.3.0 ws \ -&& docker build --tag=tier/grouper-www:2.3.0 www +&& docker build --pull --tag=tier/grouper . \ if [[ "$OSTYPE" == "darwin"* ]]; then say build complete diff --git a/test-compose/README.md b/test-compose/README.md index 684e27f..640956b 100644 --- a/test-compose/README.md +++ b/test-compose/README.md @@ -1 +1,13 @@ Coming soon... + +> This docker-stack.yml file uses the `configs` syntax which is part of the Compose file format v3.3 and requires Docker Engine version 17.06.0+ (released on 2017-06-28). Users of older engine versions will need convert `config` references to use bind mounts. After this change, everything else should work as expected. + +> `configs` are not supported by docker-compose, so those are shown in the file as bind mount volumes. + +> Environment specific settings are passed in via secrets and configs, but anything that would standard across dev, qa, prod (e.g. jars, images, css, mods) is baked into our image. + +> The files in the `data` image's `conf` directory is used to build the sample grouper database and ldap store. It is not used when the container is instantiated. + +> Rabbit MQ: guest/guest add queue `sampleQueue` to see grouper messages. + +> In this example we don't care about the IdP secrets. They are baked into the overlay. diff --git a/test-compose/daemon/conf/grouper-loader.properties b/test-compose/configs-and-secrets/grouper/grouper-loader.properties similarity index 100% rename from test-compose/daemon/conf/grouper-loader.properties rename to test-compose/configs-and-secrets/grouper/grouper-loader.properties 
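Review bot: The replacement line in manualBuild.sh, `&& docker build --pull --tag=tier/grouper . \`, now opens the script with `&&` and ends with a line continuation, so bash stops with a syntax error at the first token and no build runs. It should be a plain command: `docker build --pull --tag=tier/grouper .`. If the `say build complete` notification is meant to run only after a successful build, the `if` block (which continues outside the hunk) should be chained explicitly rather than through a trailing backslash. The hunk starts at line 1, so the script has no shebang even though it uses `[[ ... ]]`; `#!/bin/bash` as the first line would pin the interpreter.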
diff --git a/test-compose/daemon/conf/grouper.client.properties b/test-compose/configs-and-secrets/grouper/grouper.client.properties similarity index 100% rename from test-compose/daemon/conf/grouper.client.properties rename to test-compose/configs-and-secrets/grouper/grouper.client.properties diff --git a/test-compose/daemon/conf/grouper.hibernate.properties b/test-compose/configs-and-secrets/grouper/grouper.hibernate.properties similarity index 100% rename from test-compose/daemon/conf/grouper.hibernate.properties rename to test-compose/configs-and-secrets/grouper/grouper.hibernate.properties diff --git a/test-compose/daemon/conf/grouper.properties b/test-compose/configs-and-secrets/grouper/grouper.properties similarity index 100% rename from test-compose/daemon/conf/grouper.properties rename to test-compose/configs-and-secrets/grouper/grouper.properties diff --git a/test-compose/daemon/conf/ldap.properties b/test-compose/configs-and-secrets/grouper/ldap.properties similarity index 100% rename from test-compose/daemon/conf/ldap.properties rename to test-compose/configs-and-secrets/grouper/ldap.properties diff --git a/test-compose/daemon/conf/sources.xml b/test-compose/configs-and-secrets/grouper/sources.xml similarity index 100% rename from test-compose/daemon/conf/sources.xml rename to test-compose/configs-and-secrets/grouper/sources.xml diff --git a/test-compose/configs-and-secrets/httpd/cachain-cer.pem b/test-compose/configs-and-secrets/httpd/cachain-cer.pem new file mode 100644 index 0000000..e69de29 diff --git a/test-compose/ui/httpd/localhost.crt b/test-compose/configs-and-secrets/httpd/host-cert.pem similarity index 100% rename from test-compose/ui/httpd/localhost.crt rename to test-compose/configs-and-secrets/httpd/host-cert.pem 
diff --git a/test-compose/ui/httpd/localhost.key b/test-compose/configs-and-secrets/httpd/host-key.pem similarity index 100% rename from test-compose/ui/httpd/localhost.key rename to test-compose/configs-and-secrets/httpd/host-key.pem diff --git a/test-compose/ui/shibboleth/idp-metadata.xml b/test-compose/configs-and-secrets/shibboleth/idp-metadata.xml similarity index 100% rename from test-compose/ui/shibboleth/idp-metadata.xml rename to test-compose/configs-and-secrets/shibboleth/idp-metadata.xml diff --git a/test-compose/ui/shibboleth/shibboleth2.xml b/test-compose/configs-and-secrets/shibboleth/shibboleth2.xml similarity index 100% rename from test-compose/ui/shibboleth/shibboleth2.xml rename to test-compose/configs-and-secrets/shibboleth/shibboleth2.xml diff --git a/test-compose/ui/shibboleth/sp-cert.pem b/test-compose/configs-and-secrets/shibboleth/sp-cert.pem similarity index 100% rename from test-compose/ui/shibboleth/sp-cert.pem rename to test-compose/configs-and-secrets/shibboleth/sp-cert.pem diff --git a/test-compose/ui/shibboleth/sp-key.pem b/test-compose/configs-and-secrets/shibboleth/sp-key.pem similarity index 100% rename from test-compose/ui/shibboleth/sp-key.pem rename to test-compose/configs-and-secrets/shibboleth/sp-key.pem diff --git a/test-compose/daemon/Dockerfile b/test-compose/daemon/Dockerfile index 9b4e740..5749d02 100644 --- a/test-compose/daemon/Dockerfile +++ b/test-compose/daemon/Dockerfile @@ -1,5 +1,5 @@ FROM tier/grouper:latest -MAINTAINER tier-packaging@internet2.edu +LABEL author="tier-packaging@internet2.edu " -COPY conf/ /opt/grouper/grouper.apiBinary/conf/ +CMD ["bin/gsh", "-loader"] \ No newline at end of file diff --git a/test-compose/data/Dockerfile b/test-compose/data/Dockerfile index ae4bcaa..9c88903 100644 --- a/test-compose/data/Dockerfile +++ b/test-compose/data/Dockerfile 
@@ -1,6 +1,6 @@ FROM tier/grouper:latest -MAINTAINER tier-packaging@internet2.edu +LABEL author="tier-packaging@internet2.edu " COPY seed-data/ /seed-data/ COPY conf/ /opt/grouper/grouper.apiBinary/conf/ diff --git a/test-compose/docker-compose.yml b/test-compose/docker-compose.yml index 5d27c49..038cf48 100644 --- a/test-compose/docker-compose.yml +++ b/test-compose/docker-compose.yml 
@@ -1,17 +1,55 @@ -version: "2" +version: "3.3" services: daemon: build: ./daemon/ - command: bash -c "while ! curl -s data:3306 > /dev/null; do echo waiting for mysql to start; sleep 3; done; loader" + command: bash -c "while ! curl -s data:3306 > /dev/null; do echo waiting for mysql to start; sleep 3; done; daemon" + volumes: + - type: bind + source: ./configs-and-secrets/grouper/grouper.properties + target: /opt/grouper/conf/grouper.properties + - type: bind + source: ./configs-and-secrets/grouper/grouper.client.properties + target: /opt/grouper/conf/grouper.client.properties depends_on: - data networks: - back + secrets: + - source: grouper.hibernate.properties + target: grouper_grouper.hibernate.properties + - source: grouper-loader.properties + target: grouper_grouper-loader.properties + - source: ldap.properties + target: grouper_ldap.properties + - source: sources.xml + target: grouper_sources.xml ui: build: ./ui/ command: bash -c "while ! curl -s data:3306 > /dev/null; do echo waiting for mysql to start; sleep 3; done; while ! curl -s ldap://data:389 > /dev/null; do echo waiting for ldap to start; sleep 3; done; ui" + volumes: + - type: bind + source: ./configs-and-secrets/grouper/grouper.properties + target: /opt/grouper/conf/grouper.properties + - type: bind + source: ./configs-and-secrets/grouper/grouper.client.properties + target: /opt/grouper/conf/grouper.client.properties + - type: bind + source: ./configs-and-secrets/shibboleth/sp-cert.pem + target: /etc/shibboleth/sp-cert.pem + - type: bind + source: ./configs-and-secrets/shibboleth/shibboleth2.xml + target: /etc/shibboleth/shibboleth2.xml + - type: bind + source: ./configs-and-secrets/shibboleth/idp-metadata.xml + target: /etc/shibboleth/idp-metadata.xml + - type: bind + source: ./configs-and-secrets/httpd/host-cert.pem + target: /etc/pki/tls/certs/host-cert.pem + - type: bind + source: ./configs-and-secrets/httpd/host-cert.pem + target: /etc/pki/tls/certs/cachain.pem depends_on: - data networks: 
@@ -20,10 +58,36 @@ services: ports: - "80:80" - "443:443" + secrets: + - source: grouper.hibernate.properties + target: grouper_grouper.hibernate.properties + - source: grouper-loader.properties + target: grouper_grouper-loader.properties + - source: ldap.properties + target: grouper_ldap.properties + - source: sources.xml + target: grouper_sources.xml + - source: sp-key.pem + target: shib_sp-key.pem + - source: host-key.pem + ws: build: ./ws/ command: bash -c "while ! curl -s data:3306 > /dev/null; do echo waiting for mysql to start; sleep 3; done; while ! curl -s ldap://data:389 > /dev/null; do echo waiting for ldap to start; sleep 3; done; ws" + volumes: + - type: bind + source: ./configs-and-secrets/grouper/grouper.properties + target: /opt/grouper/conf/grouper.properties + - type: bind + source: ./configs-and-secrets/grouper/grouper.client.properties + target: /opt/grouper/conf/grouper.client.properties + - type: bind + source: ./configs-and-secrets/httpd/host-cert.pem + target: /etc/pki/tls/certs/host-cert.pem + - type: bind + source: ./configs-and-secrets/httpd/host-cert.pem + target: /etc/pki/tls/certs/cachain.pem depends_on: - data networks: 
@@ -31,13 +95,40 @@ services: - back ports: - "8443:443" + secrets: + - source: grouper.hibernate.properties + target: grouper_grouper.hibernate.properties + - source: grouper-loader.properties + target: grouper_grouper-loader.properties + - source: ldap.properties + target: grouper_ldap.properties + - source: sources.xml + target: grouper_sources.xml + - source: host-key.pem gsh: build: ./gsh/ + volumes: + - type: bind + source: ./configs-and-secrets/grouper/grouper.properties + target: /opt/grouper/conf/grouper.properties + - type: bind + source: ./configs-and-secrets/grouper/grouper.client.properties + target: /opt/grouper/conf/grouper.client.properties depends_on: - data networks: - back + secrets: + - source: grouper.hibernate.properties + target: grouper_grouper.hibernate.properties + - source: grouper-loader.properties + target: grouper_grouper-loader.properties + - source: ldap.properties + target: grouper_ldap.properties + - source: sources.xml + target: grouper_sources.xml + data: build: ./data/ @@ -50,17 +141,6 @@ services: - "389:389" - "3306:3306" -#docker run -d -e RABBITMQ_NODENAME=docker-rabbit -p 15672:15672 --name rabbitmq rabbitmq:management - rabbitmq: - image: rabbitmq:management - environment: - - RABBITMQ_NODENAME=docker-rabbit - networks: - - front - - back - ports: - - "15672:15672" - idp: build: ./idp/ depends_on: 
@@ -75,9 +155,34 @@ services: ports: - "4443:4443" + rabbitmq: + image: rabbitmq:management + environment: + - RABBITMQ_NODENAME=docker-rabbit + hostname: rabbitmq + networks: + - front + - back + ports: + - "15672:15672" networks: front: driver: bridge back: driver: bridge + +secrets: + grouper.hibernate.properties: + file: ./configs-and-secrets/grouper/grouper.hibernate.properties + grouper-loader.properties: + file: ./configs-and-secrets/grouper/grouper-loader.properties + sources.xml: + file: ./configs-and-secrets/grouper/sources.xml + ldap.properties: + file: ./configs-and-secrets/grouper/ldap.properties + sp-key.pem: + file: ./configs-and-secrets/shibboleth/sp-key.pem + host-key.pem: + file: ./configs-and-secrets/httpd/host-key.pem + \ No newline at end of file diff --git a/test-compose/gsh/Dockerfile b/test-compose/gsh/Dockerfile index a7ff47d..39421b2 100644 --- a/test-compose/gsh/Dockerfile +++ b/test-compose/gsh/Dockerfile @@ -2,6 +2,4 @@ FROM tier/grouper:latest MAINTAINER tier-packaging@internet2.edu -COPY conf/ /opt/grouper/grouper.apiBinary/conf/ - -CMD ["/bin/sh", "bin/gsh"] +CMD ["bin/gsh"] diff --git a/test-compose/gsh/conf/grouper-loader.properties b/test-compose/gsh/conf/grouper-loader.properties deleted file mode 100644 index 3329e21..0000000 --- a/test-compose/gsh/conf/grouper-loader.properties +++ /dev/null 
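Review bot: The re-added `rabbitmq` service publishes the management port as `"15672:15672"`, which binds it on every host interface, and the hunk sets no credentials, so the `rabbitmq:management` image will come up with its default account. Even for a test stack, bind the port to loopback with `- "127.0.0.1:15672:15672"` and set `RABBITMQ_DEFAULT_USER` / `RABBITMQ_DEFAULT_PASS` under `environment`. The image is referenced by the floating `management` tag, so pinning a version would make the environment reproducible. The new top-level `secrets:` entries read private keys from `./configs-and-secrets/`; if those PEM files are committed they should be throwaway test keys, and a comment above the block should say so.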
@@ -1,73 +0,0 @@
-#specify the consumers here. specify the consumer name after the changeLog.consumer. part. This example is "psp"
-#but it could be changeLog.consumer.myConsumerName.class
-#the class must extend edu.internet2.middleware.grouper.changeLog.ChangeLogConsumerBase
-changeLog.consumer.psp.class = edu.internet2.middleware.psp.grouper.PspChangeLogConsumer
-
-#the quartz cron is a cron-like string. it defaults to every minute on the minute (since the temp to change log job runs
-#at 10 seconds to each minute). it defaults to this: 0 * * * * ?
-#though it will stagger each one by 2 seconds
-# http://www.quartz-scheduler.org/documentation/quartz-1.x/tutorials/crontrigger
-changeLog.consumer.psp.quartzCron = 0 * * * * ?
-
-# To retry processing a change log entry if an error occurs, set retryOnError to true. Defaults to false.
-changeLog.consumer.psp.retryOnError = false
-
-# To run full provisioning synchronizations periodically, provide the class name which provides a 'public void fullSync()' method.
-changeLog.psp.fullSync.class = edu.internet2.middleware.psp.grouper.PspChangeLogConsumer
-
-# Schedule full synchronizations. Defaults to 5 am : 0 0 5 * * ?.
-changeLog.psp.fullSync.quartzCron = 0 0 5 * * ?
-
-# Run a full synchronization job at startup. Defaults to false.
-changeLog.psp.fullSync.runAtStartup = false
-
-# Omit diff responses from bulk response to conserve memory.
-changeLog.psp.fullSync.omitDiffResponses = true
-
-# Omit sync responses from bulk response to conserve memory.
-changeLog.psp.fullSync.omitSyncResponses = true
-
-#################################
-## LDAP connections
-#################################
-# specify the ldap connection with user, pass, url
-# the string after "ldap." is the ID of the connection, and it should not have
-# spaces or other special chars in it. In this case is it "personLdap"
-
-#note the URL should start with ldap: or ldaps: if it is SSL.
-#It should contain the server and port (optional if not default), and baseDn,
-#e.g. ldaps://ldapserver.school.edu:636/dc=school,dc=edu
-ldap.demo.url = ldap://data:389/dc=example,dc=edu
-
-#optional, if authenticated
-#ldap.personLdap.user = uid=someapp,ou=people,dc=myschool,dc=edu
-
-#optional, if authenticated note the password can be stored encrypted in an external file
-#ldap.personLdap.pass = secret
-
-#optional, if you are using tls, set this to true. Generally you will not be using an SSL URL to use TLS...
-#ldap.personLdap.tls = false
-
-#optional, if using sasl
-#ldap.personLdap.saslAuthorizationId =
-#ldap.personLdap.saslRealm =
-
-#optional (note, time limit is for search operations, timeout is for connection timeouts),
-#most of these default to vt-ldap defaults. times are in millis
-#validateOnCheckout defaults to true if all other validate methods are false
-#ldap.personLdap.batchSize =
-#ldap.personLdap.countLimit =
-#ldap.personLdap.timeLimit =
-#ldap.personLdap.timeout =
-#ldap.personLdap.minPoolSize =
-#ldap.personLdap.maxPoolSize =
-#ldap.personLdap.validateOnCheckIn =
-#ldap.personLdap.validateOnCheckOut =
-#ldap.personLdap.validatePeriodically =
-#ldap.personLdap.validateTimerPeriod =
-#ldap.personLdap.pruneTimerPeriod =
-#if connections expire after a certain amount of time, this is it, in millis, defaults to 300000 (5 minutes)
-#ldap.personLdap.expirationTime =
-
-#make the paths fully qualified and not relative to the loader group.
-loader.ldap.requireTopStemAsStemFromConfigGroup=false
diff --git a/test-compose/gsh/conf/grouper.hibernate.properties b/test-compose/gsh/conf/grouper.hibernate.properties
deleted file mode 100644
index b9cc983..0000000
--- a/test-compose/gsh/conf/grouper.hibernate.properties
+++ /dev/null
@@ -1,30 +0,0 @@
-#
-# Grouper Hibernate Configuration
-# $Id: grouper.hibernate.example.properties,v 1.9 2009-08-11 20:18:09 mchyzer Exp $
-#
-
-# The grouper hibernate config uses Grouper Configuration Overlays (documented on wiki)
-# By default the configuration is read from grouper.hibernate.base.properties
-# (which should not be edited), and the grouper.hibernate.properties overlays
-# the base settings. See the grouper.hibernate.base.properties for the possible
-# settings that can be applied to the grouper.hibernate.properties
-
-########################################
-## DB settings
-########################################
-
-# e.g. mysql: jdbc:mysql://localhost:3306/grouper
-# e.g. p6spy (log sql): [use the URL that your DB requires]
-# e.g. oracle: jdbc:oracle:thin:@server.school.edu:1521:sid
-# e.g. hsqldb (a): jdbc:hsqldb:dist/run/grouper;create=true
-# e.g. hsqldb (b): jdbc:hsqldb:hsql://localhost:9001/grouper
-# e.g. postgres: jdbc:postgresql://localhost:5432/database
-# e.g. mssql: jdbc:sqlserver://localhost:3280;databaseName=grouper
-hibernate.connection.url = jdbc:mysql://data:3306/grouper?CharSet=utf8&useUnicode=true&characterEncoding=utf8
-
-hibernate.connection.username = root
-# If you are using an empty password, depending upon your version of
-# Java and Ant you may need to specify a password of "".
-# Note: you can keep passwords external and encrypted: https://bugs.internet2.edu/jira/browse/GRP-122
-hibernate.connection.password =
-
diff --git a/test-compose/gsh/conf/grouper.properties b/test-compose/gsh/conf/grouper.properties
deleted file mode 100644
index c931287..0000000
--- a/test-compose/gsh/conf/grouper.properties
+++ /dev/null
@@ -1,25 +0,0 @@
-#
-# Grouper Configuration
-# $Id: grouper.example.properties,v 1.48 2009-12-16 06:02:30 mchyzer Exp $
-#
-
-# Grouper uses Grouper Configuration Overlays (documented on wiki)
-# By default the configuration is read from grouper.base.properties
-# (which should not be edited), and the grouper.properties overlays
-# the base settings. See the grouper.base.properties for the possible
-# settings that can be applied to the grouper.properties
-
-#if groups like the wheel group should be auto-created for convenience (note: check config needs to be on)
-configuration.autocreate.system.groups = true
-
-# A wheel group allows you to enable non-GrouperSystem subjects to act
-# like a root user when interacting with the registry.
-groups.wheel.use = true
-
-# Set to the name of the group you want to treat as the wheel group.
-# The members of this group will be treated as root-like users.
-groups.wheel.group = etc:sysadmingroup
-
-# Used to allow Include Exclude groups
-grouperIncludeExclude.use = true
-grouperIncludeExclude.requireGroups.use = true
diff --git a/test-compose/gsh/conf/ldap.properties b/test-compose/gsh/conf/ldap.properties
deleted file mode 100644
index 692a4f5..0000000
--- a/test-compose/gsh/conf/ldap.properties
+++ /dev/null
@@ -1,73 +0,0 @@
-# This is the configuration file for vt-ldap.
-# See http://code.google.com/p/vt-middleware/wiki/vtldapProperties
-
-edu.vt.middleware.ldap.ldapUrl=ldap://data:389
-edu.vt.middleware.ldap.searchScope=SUBTREE
-
-# authn if simple
-edu.vt.middleware.ldap.bindDn=cn=admin,dc=example,dc=edu
-edu.vt.middleware.ldap.bindCredential=secret
-# The bind credential may be external and encrypted: https://bugs.internet2.edu/jira/browse/GRP-122
-# edu.vt.middleware.ldap.bindCredential=/path/to/ldap.pwd
-edu.vt.middleware.ldap.authtype=simple
-
-# encryption
-edu.vt.middleware.ldap.ssl=false
-edu.vt.middleware.ldap.tls=false
-
-# pooling options
-edu.vt.middleware.ldap.pool.minPoolSize = 2
-edu.vt.middleware.ldap.pool.maxPoolSize = 5
-
-# paged results
-edu.vt.middleware.ldap.pagedResultsSize=0
-
-# authn for sasl external (certificates)
-# edu.vt.middleware.ldap.authtype=EXTERNAL
-# edu.vt.middleware.ldap.tls=true
-# edu.vt.middleware.ldap.serviceUser=cn=admin.example.edu
-# these to use PEM format cert and key
-# pemCaFile=/path/to/ca.pem
-# pemCertFile=/path/to/cert.pem
-# pemKeyFile=/path/to/key.pem
-
-
-# The default base DN for searches.
-# All subordinate objects will be deleted during tests !
-edu.vt.middleware.ldap.baseDn=dc=example,dc=edu
-
-# The base DN for groups.
-edu.internet2.middleware.psp.groupsBaseDn=ou=groups,dc=example,dc=edu
-
-# The base DN for people.
-edu.internet2.middleware.psp.peopleBaseDn=ou=people,dc=example,dc=edu
-
-# The group object class.
-# OpenLDAP, RedHat, 389, ApacheDS, etc.
-edu.internet2.middleware.psp.groupObjectClass=groupOfNames
-# Active Directory
-# edu.internet2.middleware.psp.groupObjectClass=group
-
-# The base Grouper stem to be provisioned.
-edu.internet2.middleware.psp.baseStem=psp
-
-# The ldap DN structure may be either flat or bushy.
-# In a flat structure all groups are provisioned under a single base DN (container ID).
-# A flat group's ldap RDN is its Grouper name or displayName.
-# edu.internet2.middleware.psp.structure=flat -# edu.internet2.middleware.psp.cnSourceAttributeID=name - -# In a bushy structure groups are provisioned hierarchically, with stems as branches in the tree. -# A bushy group's RDN is its Grouper extension or displayExtension. -edu.internet2.middleware.psp.structure=flat -edu.internet2.middleware.psp.cnSourceAttributeID=name - -# The QuotedDnResultHandler removes quotes from DNs of the form "CN=quoted/name",DC=edu. -# The FqdnSearchResultHandler makes sure that all ldap dns are fully qualified. -# You may wish to comment out the following property for the Grouper UI or WS. -edu.vt.middleware.ldap.searchResultHandlers=edu.internet2.middleware.psp.ldap.QuotedDnResultHandler,edu.vt.middleware.ldap.handler.FqdnSearchResultHandler - -# handle Active Directory groups with a large (>1500) number of members -# see https://bugs.internet2.edu/jira/browse/GRP-335 -# see http://code.google.com/p/vt-middleware/wiki/vtldapAD#Range_Attributes -# edu.vt.middleware.ldap.searchResultHandlers=edu.internet2.middleware.ldappc.util.QuotedDnResultHandler,edu.vt.middleware.ldap.handler.FqdnSearchResultHandler,edu.internet2.middleware.ldappc.util.RangeSearchResultHandler diff --git a/test-compose/gsh/conf/psp-internal.xml b/test-compose/gsh/conf/psp-internal.xml deleted file mode 100644 index 9a71728..0000000 --- a/test-compose/gsh/conf/psp-internal.xml +++ /dev/null @@ -1,37 +0,0 @@ - - - - - - - - classpath, string - - org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader - - - edu.internet2.middleware.shibboleth.common.util.StringResourceLoader - - - - - - - - - - - - - \ No newline at end of file diff --git a/test-compose/gsh/conf/psp-resolver.xml b/test-compose/gsh/conf/psp-resolver.xml deleted file mode 100644 index 0d4dfeb..0000000 --- a/test-compose/gsh/conf/psp-resolver.xml +++ /dev/null 
@@ -1,680 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - top - ${edu.internet2.middleware.psp.groupObjectClass} - - - - - top - organizationalUnit - - - - eduMember - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/test-compose/gsh/conf/psp-services.xml b/test-compose/gsh/conf/psp-services.xml deleted file mode 100644 index a8daf9c..0000000 --- a/test-compose/gsh/conf/psp-services.xml +++ /dev/null @@ -1,78 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/test-compose/gsh/conf/psp.xml b/test-compose/gsh/conf/psp.xml deleted file mode 100644 index db8d29c..0000000 --- a/test-compose/gsh/conf/psp.xml +++ /dev/null @@ -1,171 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/test-compose/gsh/conf/sources.xml b/test-compose/gsh/conf/sources.xml deleted file mode 100644 index 9c884ae..0000000 --- a/test-compose/gsh/conf/sources.xml +++ /dev/null 
@@ -1,295 +0,0 @@ - - - - - - - - - - - - - - - g:gsa - Grouper: Group Source Adapter - group - - - subjectVirtualAttribute_0_searchAttribute0 - ${subject.getAttributeValue('name')},${subject.getAttributeValue('displayName')},${subject.getAttributeValue('alternateName')} - - - sortAttribute0 - displayExtension - - - searchAttribute0 - searchAttribute0 - - - - maxPageSize - 100 - - searchAttribute0 - - - - - - grouperEntities - Grouper: Entity Source Adapter - application - - - subjectVirtualAttribute_0_searchAttribute0 - - ${subject.getAttributeValue('name')},${subject.getAttributeValue('displayName')},${subject.getAttributeValue('alternateName')} - - - sortAttribute0 - name - - - searchAttribute0 - searchAttribute0 - - searchAttribute0 - - - - - - ldap - EDU Ldap - person - - INITIAL_CONTEXT_FACTORY - com.sun.jndi.ldap.LdapCtxFactory - - - PROVIDER_URL - ldap://data - - - SECURITY_AUTHENTICATION - simple - - - SECURITY_PRINCIPAL - cn=admin,dc=internet2,dc=edu - - - SECURITY_CREDENTIALS - password - - - SubjectID_AttributeType - uid - - - SubjectID_formatToLowerCase - false - - - Name_AttributeType - cn - - - Description_AttributeType - cn - - - /// Scope Values can be: OBJECT_SCOPE, ONELEVEL_SCOPE, SUBTREE_SCOPE - /// For filter use - - - searchSubject - - filter - - (&(uid=%TERM%)(objectclass=person)) - - - - scope - - SUBTREE_SCOPE - - - - base - - ou=people,dc=internet2,dc=edu - - - - - - searchSubjectByIdentifier - - filter - - (&(uid=%TERM%)(objectclass=person)) - - - - scope - - SUBTREE_SCOPE - - - - base - - ou=people,dc=internet2,dc=edu - - - - - - search - - filter - - (&(|(|(uid=%TERM%)(cn=*%TERM%*))(uid=%TERM%*))(objectclass=person)) - - - - scope - - SUBTREE_SCOPE - - - - base - - ou=people,dc=internet2,dc=edu - - - - - subjectVirtualAttribute_0_searchAttribute0 - ${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('uid'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('cn'), 
"")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('exampleEduRegId'), "")} - - - sortAttribute0 - cn - - - searchAttribute0 - searchAttribute0 - - - - - - searchAttribute0 - - ///Attributes you would like to display when doing a search - givenName - sn - uid - - - - - - diff --git a/test-compose/idp/Dockerfile b/test-compose/idp/Dockerfile index d11ea56..7d0b512 100644 --- a/test-compose/idp/Dockerfile +++ b/test-compose/idp/Dockerfile @@ -1,5 +1,5 @@ FROM unicon/shibboleth-idp:latest -MAINTAINER Unicon, Inc. +LABEL author="tier-packaging@internet2.edu " COPY shibboleth-idp/ /opt/shibboleth-idp/ diff --git a/test-compose/idp/shibboleth-idp/conf/cas-protocol.xml b/test-compose/idp/shibboleth-idp/conf/cas-protocol.xml deleted file mode 100644 index 9cfa04a..0000000 --- a/test-compose/idp/shibboleth-idp/conf/cas-protocol.xml +++ /dev/null @@ -1,54 +0,0 @@ - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/test-compose/idp/shibboleth-idp/conf/relying-party.xml b/test-compose/idp/shibboleth-idp/conf/relying-party.xml deleted file mode 100644 index a0c5bbf..0000000 --- a/test-compose/idp/shibboleth-idp/conf/relying-party.xml +++ /dev/null @@ -1,77 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/test-compose/ui/Dockerfile b/test-compose/ui/Dockerfile index 6090e0a..1dd0943 100644 --- a/test-compose/ui/Dockerfile +++ b/test-compose/ui/Dockerfile 
@@ -1,21 +1,10 @@ FROM tier/grouper:latest -MAINTAINER tier-packaging@internet2.edu +LABEL author="tier-packaging@internet2.edu " COPY WEB-INF/ /opt/grouper/grouper.ui/dist/grouper/WEB-INF/ COPY tomcat/ /opt/tomcat/conf/ -# Replace the contents of the files in the following 2 lines with web server cert and private key -COPY httpd/localhost.crt /etc/pki/tls/certs -COPY httpd/localhost.key /etc/pki/tls/private - -# Replace the contents of the files in the following 2 lines with shibboleth cert and private key -COPY shibboleth/sp-cert.pem /etc/shibboleth/ - -# Make sure to modify the entityID value in this file with that of your SP -COPY shibboleth/shibboleth2.xml /etc/shibboleth/ -COPY shibboleth/idp-metadata.xml /etc/shibboleth/ - -COPY shibboleth/sp-key.pem /etc/shibboleth/ -COPY httpd/ssl-enabled.conf /etc/httpd/conf.d/ #COPY httpd/logout.php /var/www/cgi-bin/logout.php + +CMD ["ui"] diff --git a/test-compose/ui/WEB-INF/classes/grouper-loader.properties b/test-compose/ui/WEB-INF/classes/grouper-loader.properties deleted file mode 100644 index 3329e21..0000000 --- a/test-compose/ui/WEB-INF/classes/grouper-loader.properties +++ /dev/null 
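Review bot: With the `COPY` lines for the certificate, keys and Shibboleth files gone, nothing in this Dockerfile says where the ui container now gets them, and the removed comments were the only guidance on replacing them. Add a comment before `CMD ["ui"]`, for example `# TLS and Shibboleth key material is supplied at runtime (compose secrets / bind mounts); do not COPY keys into the image`. If `httpd/localhost.key` and `shibboleth/sp-key.pem` were committed before this change, they remain in the repository history and in previously built image layers, so they should be treated as test-only keys and never reused.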
@@ -1,73 +0,0 @@
-#specify the consumers here. specify the consumer name after the changeLog.consumer. part. This example is "psp"
-#but it could be changeLog.consumer.myConsumerName.class
-#the class must extend edu.internet2.middleware.grouper.changeLog.ChangeLogConsumerBase
-changeLog.consumer.psp.class = edu.internet2.middleware.psp.grouper.PspChangeLogConsumer
-
-#the quartz cron is a cron-like string. it defaults to every minute on the minute (since the temp to change log job runs
-#at 10 seconds to each minute). it defaults to this: 0 * * * * ?
-#though it will stagger each one by 2 seconds
-# http://www.quartz-scheduler.org/documentation/quartz-1.x/tutorials/crontrigger
-changeLog.consumer.psp.quartzCron = 0 * * * * ?
-
-# To retry processing a change log entry if an error occurs, set retryOnError to true. Defaults to false.
-changeLog.consumer.psp.retryOnError = false
-
-# To run full provisioning synchronizations periodically, provide the class name which provides a 'public void fullSync()' method.
-changeLog.psp.fullSync.class = edu.internet2.middleware.psp.grouper.PspChangeLogConsumer
-
-# Schedule full synchronizations. Defaults to 5 am : 0 0 5 * * ?.
-changeLog.psp.fullSync.quartzCron = 0 0 5 * * ?
-
-# Run a full synchronization job at startup. Defaults to false.
-changeLog.psp.fullSync.runAtStartup = false
-
-# Omit diff responses from bulk response to conserve memory.
-changeLog.psp.fullSync.omitDiffResponses = true
-
-# Omit sync responses from bulk response to conserve memory.
-changeLog.psp.fullSync.omitSyncResponses = true
-
-#################################
-## LDAP connections
-#################################
-# specify the ldap connection with user, pass, url
-# the string after "ldap." is the ID of the connection, and it should not have
-# spaces or other special chars in it. In this case is it "personLdap"
-
-#note the URL should start with ldap: or ldaps: if it is SSL.
-#It should contain the server and port (optional if not default), and baseDn,
-#e.g. ldaps://ldapserver.school.edu:636/dc=school,dc=edu
-ldap.demo.url = ldap://data:389/dc=example,dc=edu
-
-#optional, if authenticated
-#ldap.personLdap.user = uid=someapp,ou=people,dc=myschool,dc=edu
-
-#optional, if authenticated note the password can be stored encrypted in an external file
-#ldap.personLdap.pass = secret
-
-#optional, if you are using tls, set this to true. Generally you will not be using an SSL URL to use TLS...
-#ldap.personLdap.tls = false
-
-#optional, if using sasl
-#ldap.personLdap.saslAuthorizationId =
-#ldap.personLdap.saslRealm =
-
-#optional (note, time limit is for search operations, timeout is for connection timeouts),
-#most of these default to vt-ldap defaults. times are in millis
-#validateOnCheckout defaults to true if all other validate methods are false
-#ldap.personLdap.batchSize =
-#ldap.personLdap.countLimit =
-#ldap.personLdap.timeLimit =
-#ldap.personLdap.timeout =
-#ldap.personLdap.minPoolSize =
-#ldap.personLdap.maxPoolSize =
-#ldap.personLdap.validateOnCheckIn =
-#ldap.personLdap.validateOnCheckOut =
-#ldap.personLdap.validatePeriodically =
-#ldap.personLdap.validateTimerPeriod =
-#ldap.personLdap.pruneTimerPeriod =
-#if connections expire after a certain amount of time, this is it, in millis, defaults to 300000 (5 minutes)
-#ldap.personLdap.expirationTime =
-
-#make the paths fully qualified and not relative to the loader group.
-loader.ldap.requireTopStemAsStemFromConfigGroup=false
diff --git a/test-compose/ui/WEB-INF/classes/grouper.hibernate.properties b/test-compose/ui/WEB-INF/classes/grouper.hibernate.properties
deleted file mode 100644
index b9cc983..0000000
--- a/test-compose/ui/WEB-INF/classes/grouper.hibernate.properties
+++ /dev/null
@@ -1,30 +0,0 @@
-#
-# Grouper Hibernate Configuration
-# $Id: grouper.hibernate.example.properties,v 1.9 2009-08-11 20:18:09 mchyzer Exp $
-#
-
-# The grouper hibernate config uses Grouper Configuration Overlays (documented on wiki)
-# By default the configuration is read from grouper.hibernate.base.properties
-# (which should not be edited), and the grouper.hibernate.properties overlays
-# the base settings. See the grouper.hibernate.base.properties for the possible
-# settings that can be applied to the grouper.hibernate.properties
-
-########################################
-## DB settings
-########################################
-
-# e.g. mysql: jdbc:mysql://localhost:3306/grouper
-# e.g. p6spy (log sql): [use the URL that your DB requires]
-# e.g. oracle: jdbc:oracle:thin:@server.school.edu:1521:sid
-# e.g. hsqldb (a): jdbc:hsqldb:dist/run/grouper;create=true
-# e.g. hsqldb (b): jdbc:hsqldb:hsql://localhost:9001/grouper
-# e.g. postgres: jdbc:postgresql://localhost:5432/database
-# e.g. mssql: jdbc:sqlserver://localhost:3280;databaseName=grouper
-hibernate.connection.url = jdbc:mysql://data:3306/grouper?CharSet=utf8&useUnicode=true&characterEncoding=utf8
-
-hibernate.connection.username = root
-# If you are using an empty password, depending upon your version of
-# Java and Ant you may need to specify a password of "".
-# Note: you can keep passwords external and encrypted: https://bugs.internet2.edu/jira/browse/GRP-122
-hibernate.connection.password =
-
diff --git a/test-compose/ui/WEB-INF/classes/grouper.properties b/test-compose/ui/WEB-INF/classes/grouper.properties
deleted file mode 100644
index c931287..0000000
--- a/test-compose/ui/WEB-INF/classes/grouper.properties
+++ /dev/null
@@ -1,25 +0,0 @@
-#
-# Grouper Configuration
-# $Id: grouper.example.properties,v 1.48 2009-12-16 06:02:30 mchyzer Exp $
-#
-
-# Grouper uses Grouper Configuration Overlays (documented on wiki)
-# By default the configuration is read from grouper.base.properties
-# (which should not be edited), and the grouper.properties overlays
-# the base settings. See the grouper.base.properties for the possible
-# settings that can be applied to the grouper.properties
-
-#if groups like the wheel group should be auto-created for convenience (note: check config needs to be on)
-configuration.autocreate.system.groups = true
-
-# A wheel group allows you to enable non-GrouperSystem subjects to act
-# like a root user when interacting with the registry.
-groups.wheel.use = true
-
-# Set to the name of the group you want to treat as the wheel group.
-# The members of this group will be treated as root-like users.
-groups.wheel.group = etc:sysadmingroup
-
-# Used to allow Include Exclude groups
-grouperIncludeExclude.use = true
-grouperIncludeExclude.requireGroups.use = true
diff --git a/test-compose/ui/WEB-INF/classes/sources.xml b/test-compose/ui/WEB-INF/classes/sources.xml
deleted file mode 100644
index 9c884ae..0000000
--- a/test-compose/ui/WEB-INF/classes/sources.xml
+++ /dev/null
@@ -1,295 +0,0 @@ - - - - - - - - - - - - - - - g:gsa - Grouper: Group Source Adapter - group - - - subjectVirtualAttribute_0_searchAttribute0 - ${subject.getAttributeValue('name')},${subject.getAttributeValue('displayName')},${subject.getAttributeValue('alternateName')} - - - sortAttribute0 - displayExtension - - - searchAttribute0 - searchAttribute0 - - - - maxPageSize - 100 - - searchAttribute0 - - - - - - grouperEntities - Grouper: Entity Source Adapter - application - - - subjectVirtualAttribute_0_searchAttribute0 - - ${subject.getAttributeValue('name')},${subject.getAttributeValue('displayName')},${subject.getAttributeValue('alternateName')} - - - sortAttribute0 - name - - - searchAttribute0 - searchAttribute0 - - searchAttribute0 - - - - - - ldap - EDU Ldap - person - - INITIAL_CONTEXT_FACTORY - com.sun.jndi.ldap.LdapCtxFactory - - - PROVIDER_URL - ldap://data - - - SECURITY_AUTHENTICATION - simple - - - SECURITY_PRINCIPAL - cn=admin,dc=internet2,dc=edu - - - SECURITY_CREDENTIALS - password - - - SubjectID_AttributeType - uid - - - SubjectID_formatToLowerCase - false - - - Name_AttributeType - cn - - - Description_AttributeType - cn - - - /// Scope Values can be: OBJECT_SCOPE, ONELEVEL_SCOPE, SUBTREE_SCOPE - /// For filter use - - - searchSubject - - filter - - (&(uid=%TERM%)(objectclass=person)) - - - - scope - - SUBTREE_SCOPE - - - - base - - ou=people,dc=internet2,dc=edu - - - - - - searchSubjectByIdentifier - - filter - - (&(uid=%TERM%)(objectclass=person)) - - - - scope - - SUBTREE_SCOPE - - - - base - - ou=people,dc=internet2,dc=edu - - - - - - search - - filter - - (&(|(|(uid=%TERM%)(cn=*%TERM%*))(uid=%TERM%*))(objectclass=person)) - - - - scope - - SUBTREE_SCOPE - - - - base - - ou=people,dc=internet2,dc=edu - - - - - subjectVirtualAttribute_0_searchAttribute0 - ${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('uid'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('cn'), 
"")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('exampleEduRegId'), "")} - - - sortAttribute0 - cn - - - searchAttribute0 - searchAttribute0 - - - - - - searchAttribute0 - - ///Attributes you would like to display when doing a search - givenName - sn - uid - - - - - - diff --git a/test-compose/ui/WEB-INF/web.xml.dist b/test-compose/ui/WEB-INF/web.xml.dist deleted file mode 100644 index 3b3bc2a..0000000 --- a/test-compose/ui/WEB-INF/web.xml.dist +++ /dev/null 
@@ -1,265 +0,0 @@ - - - - - - - - - GrouperUi - edu.internet2.middleware.grouper.ui.GrouperUiFilter - - - - Error Catcher - edu.internet2.middleware.grouper.ui.ErrorFilter - - - - Login check - edu.internet2.middleware.grouper.ui.LoginCheckFilter - - failureUrl - /index.jsp - - - ignore - :/populateIndex.do:/callLogin.do:/error.do:/logout.do:/status: - - - grouperRole - * - - - - - Caller page - edu.internet2.middleware.grouper.ui.CallerPageFilter - - - - CSRFGuard - org.owasp.csrfguard.CsrfGuardFilter - - - - - GrouperUi - *.do - - - - GrouperUi - *.jsp - - - - Error Catcher - *.do - - - - Error Catcher - /gotoCallerPage - - - - GrouperUi - /grouperUi/app/* - - - - GrouperUi - /grouperUi/appHtml/* - - - - GrouperUi - /grouperExternal/app/* - - - - GrouperUi - /grouperExternal/appHtml/* - - - - GrouperUi - /grouperExternal/public/UiV2Public.index - - - - GrouperUi - /grouperExternal/public/UiV2Public.postIndex - - - - Caller page - /gotoCallerPage - - - - Login check - *.do - - - - CSRFGuard - /* - - - - - edu.internet2.middleware.grouper.ui.GrouperSessionAttributeListener - - - - org.owasp.csrfguard.CsrfGuardServletContextListener - - - - org.owasp.csrfguard.CsrfGuardHttpSessionListener - - - - - StatusServlet - Status Servlet - edu.internet2.middleware.grouper.j2ee.status.GrouperStatusServlet - 1 - - - - - - UiServlet - edu.internet2.middleware.grouper.j2ee.GrouperUiRestServlet - 1 - - - - OwaspJavaScriptServlet - org.owasp.csrfguard.servlet.JavaScriptServlet - - - - action - org.apache.struts.action.ActionServlet - - config - /WEB-INF/struts-config.xml - - 2 - - - - - StatusServlet - /status - - - - UiServlet - /grouperUi/app/* - - - - UiServlet - /grouperExternal/app/* - - - - UiServlet - /grouperExternal/public/UiV2Public.index - - - - UiServlet - /grouperExternal/public/UiV2Public.postIndex - - - - OwaspJavaScriptServlet - /grouperExternal/public/OwaspJavaScriptServlet - - - - action - *.do - - - - - - - - - - - - UI - /grouperUi/app/* - - - * - - - - - - UI 
- /grouperUi/appHtml/* - - - * - - - - - - UI - /grouperExternal/app/* - - - * - - - - - - UI - /grouperExternal/appHtml/* - - - * - - - - - - Tomcat login - /login.do - - - - * - - - - BASIC - Grouper Application - - - - - - The role that is required to log in to the Grouper UI - - * - - - - - diff --git a/test-compose/ui/httpd/comodo.cer b/test-compose/ui/httpd/comodo.cer deleted file mode 100644 index d61705d..0000000 --- a/test-compose/ui/httpd/comodo.cer +++ /dev/null 
@@ -1,91 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU -MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs -IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290 -MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux -FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h -bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v -dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt -H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9 -uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX -mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX -a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN -E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0 -WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD -VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0 -Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU -cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx -IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN -AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH -YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5 -6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC -Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX -c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a -mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFdzCCBF+gAwIBAgIQE+oocFv07O0MNmMJgGFDNjANBgkqhkiG9w0BAQwFADBv -MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk -ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF -eHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFow -gYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtK -ZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYD 
-VQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjAN -BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgBJlFzYOw9sIs9CsVw127c0n00yt -UINh4qogTQktZAnczomfzD2p7PbPwdzx07HWezcoEStH2jnGvDoZtF+mvX2do2NC -tnbyqTsrkfjib9DsFiCQCT7i6HTJGLSR1GJk23+jBvGIGGqQIjy8/hPwhxR79uQf -jtTkUcYRZ0YIUcuGFFQ/vDP+fmyc/xadGL1RjjWmp2bIcmfbIWax1Jt4A8BQOujM -8Ny8nkz+rwWWNR9XWrf/zvk9tyy29lTdyOcSOk2uTIq3XJq0tyA9yn8iNK5+O2hm -AUTnAU5GU5szYPeUvlM3kHND8zLDU+/bqv50TmnHa4xgk97Exwzf4TKuzJM7UXiV -Z4vuPVb+DNBpDxsP8yUmazNt925H+nND5X4OpWaxKXwyhGNVicQNwZNUMBkTrNN9 -N6frXTpsNVzbQdcS2qlJC9/YgIoJk2KOtWbPJYjNhLixP6Q5D9kCnusSTJV882sF -qV4Wg8y4Z+LoE53MW4LTTLPtW//e5XOsIzstAL81VXQJSdhJWBp/kjbmUZIO8yZ9 -HE0XvMnsQybQv0FfQKlERPSZ51eHnlAfV1SoPv10Yy+xUGUJ5lhCLkMaTLTwJUdZ -+gQek9QmRkpQgbLevni3/GcV4clXhB4PY9bpYrrWX1Uu6lzGKAgEJTm4Diup8kyX -HAc/DVL17e8vgg8CAwEAAaOB9DCB8TAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTv -A73gJMtUGjAdBgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/ -BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAGBgRVHSAAMEQGA1Ud -HwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4 -dGVybmFsQ0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0 -dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEMBQADggEBAJNl9jeD -lQ9ew4IcH9Z35zyKwKoJ8OkLJvHgwmp1ocd5yblSYMgpEg7wrQPWCcR23+WmgZWn -RtqCV6mVksW2jwMibDN3wXsyF24HzloUQToFJBv2FAY7qCUkDrvMKnXduXBBP3zQ -YzYhBx9G/2CkkeFnvN4ffhkUyWNnkepnB2u0j4vAbkN9w6GAbLIevFOFfdyQoaS8 -Le9Gclc1Bb+7RrtubTeZtv8jkpHGbkD4jylW6l/VXxRTrPBPYer3IsynVgviuDQf -Jtl7GQVoP7o81DgGotPmjw7jtHFtQELFhLRAlSv0ZaBIefYdgWOWnU914Ph85I6p -0fKtirOMxyHNwu8= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIF+TCCA+GgAwIBAgIQRyDQ+oVGGn4XoWQCkYRjdDANBgkqhkiG9w0BAQwFADCB -iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl -cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV -BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTQx -MDA2MDAwMDAwWhcNMjQxMDA1MjM1OTU5WjB2MQswCQYDVQQGEwJVUzELMAkGA1UE -CBMCTUkxEjAQBgNVBAcTCUFubiBBcmJvcjESMBAGA1UEChMJSW50ZXJuZXQyMREw 
-DwYDVQQLEwhJbkNvbW1vbjEfMB0GA1UEAxMWSW5Db21tb24gUlNBIFNlcnZlciBD -QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJwb8bsvf2MYFVFRVA+e -xU5NEFj6MJsXKZDmMwysE1N8VJG06thum4ltuzM+j9INpun5uukNDBqeso7JcC7v -HgV9lestjaKpTbOc5/MZNrun8XzmCB5hJ0R6lvSoNNviQsil2zfVtefkQnI/tBPP -iwckRR6MkYNGuQmm/BijBgLsNI0yZpUn6uGX6Ns1oytW61fo8BBZ321wDGZq0GTl -qKOYMa0dYtX6kuOaQ80tNfvZnjNbRX3EhigsZhLI2w8ZMA0/6fDqSl5AB8f2IHpT -eIFken5FahZv9JNYyWL7KSd9oX8hzudPR9aKVuDjZvjs3YncJowZaDuNi+L7RyML -fzcCAwEAAaOCAW4wggFqMB8GA1UdIwQYMBaAFFN5v1qqK0rPVIDh2JvAnfKyA2bL -MB0GA1UdDgQWBBQeBaN3j2yW4luHS6a0hqxxAAznODAOBgNVHQ8BAf8EBAMCAYYw -EgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH -AwIwGwYDVR0gBBQwEjAGBgRVHSAAMAgGBmeBDAECAjBQBgNVHR8ESTBHMEWgQ6BB -hj9odHRwOi8vY3JsLnVzZXJ0cnVzdC5jb20vVVNFUlRydXN0UlNBQ2VydGlmaWNh -dGlvbkF1dGhvcml0eS5jcmwwdgYIKwYBBQUHAQEEajBoMD8GCCsGAQUFBzAChjNo -dHRwOi8vY3J0LnVzZXJ0cnVzdC5jb20vVVNFUlRydXN0UlNBQWRkVHJ1c3RDQS5j -cnQwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZI -hvcNAQEMBQADggIBAC0RBjjW29dYaK+qOGcXjeIT16MUJNkGE+vrkS/fT2ctyNMU -11ZlUp5uH5gIjppIG8GLWZqjV5vbhvhZQPwZsHURKsISNrqOcooGTie3jVgU0W+0 -+Wj8mN2knCVANt69F2YrA394gbGAdJ5fOrQmL2pIhDY0jqco74fzYefbZ/VS29fR -5jBxu4uj1P+5ZImem4Gbj1e4ZEzVBhmO55GFfBjRidj26h1oFBHZ7heDH1Bjzw72 -hipu47Gkyfr2NEx3KoCGMLCj3Btx7ASn5Ji8FoU+hCazwOU1VX55mKPU1I2250Lo -RCASN18JyfsD5PVldJbtyrmz9gn/TKbRXTr80U2q5JhyvjhLf4lOJo/UzL5WCXED -Smyj4jWG3R7Z8TED9xNNCxGBMXnMete+3PvzdhssvbORDwBZByogQ9xL2LUZFI/i -eoQp0UM/L8zfP527vWjEzuDN5xwxMnhi+vCToh7J159o5ah29mP+aJnvujbXEnGa -nrNxHzu+AGOePV8hwrGGG7hOIcPDQwkuYwzN/xT29iLp/cqf9ZhEtkGcQcIImH3b -oJ8ifsCnSbu0GB9L06Yqh7lcyvKDTEADslIaeSEINxhO2Y1fmcYFX/Fqrrp1WnhH -OjplXuXE0OPa0utaKC25Aplgom88L2Z8mEWcyfoB7zKOfD759AN7JKZWCYwk ------END CERTIFICATE----- diff --git a/test-compose/ui/httpd/logout.php b/test-compose/ui/httpd/logout.php deleted file mode 100644 index 0114317..0000000 --- a/test-compose/ui/httpd/logout.php +++ /dev/null @@ -1,7 +0,0 @@ - 
diff --git a/test-compose/ui/httpd/ssl-enabled.conf b/test-compose/ui/httpd/ssl-enabled.conf
deleted file mode 100644
index 73237f3..0000000
--- a/test-compose/ui/httpd/ssl-enabled.conf
+++ /dev/null
@@ -1,15 +0,0 @@
-Listen 443 https
-
- RewriteEngine on
- RewriteRule "^/$" "/grouper/" [R]
-
- SSLEngine on
- #SSLCertificateChainFile /etc/pki/tls/certs/comodo.cer
-
- SSLCertificateFile /etc/pki/tls/certs/localhost.crt
-
- SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
-
- # HSTS (mod_headers is required) (15768000 seconds = 6 months)
- Header always set Strict-Transport-Security "max-age=15768000"
-
diff --git a/test-compose/ui/shibboleth/inc-md-cert.pem b/test-compose/ui/shibboleth/inc-md-cert.pem
deleted file mode 100644
index 5ec4ec6..0000000
--- a/test-compose/ui/shibboleth/inc-md-cert.pem
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDgTCCAmmgAwIBAgIJAJRJzvdpkmNaMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV
-BAYTAlVTMRUwEwYDVQQKDAxJbkNvbW1vbiBMTEMxMTAvBgNVBAMMKEluQ29tbW9u
-IEZlZGVyYXRpb24gTWV0YWRhdGEgU2lnbmluZyBLZXkwHhcNMTMxMjE2MTkzNDU1
-WhcNMzcxMjE4MTkzNDU1WjBXMQswCQYDVQQGEwJVUzEVMBMGA1UECgwMSW5Db21t
-b24gTExDMTEwLwYDVQQDDChJbkNvbW1vbiBGZWRlcmF0aW9uIE1ldGFkYXRhIFNp
-Z25pbmcgS2V5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Chdkrn+
-dG5Zj5L3UIw+xeWgNzm8ajw7/FyqRQ1SjD4Lfg2WCdlfjOrYGNnVZMCTfItoXTSp
-g4rXxHQsykeNiYRu2+02uMS+1pnBqWjzdPJE0od+q8EbdvE6ShimjyNn0yQfGyQK
-CNdYuc+75MIHsaIOAEtDZUST9Sd4oeU1zRjV2sGvUd+JFHveUAhRc0b+JEZfIEuq
-/LIU9qxm/+gFaawlmojZPyOWZ1JlswbrrJYYyn10qgnJvjh9gZWXKjmPxqvHKJcA
-TPhAh2gWGabWTXBJCckMe1hrHCl/vbDLCmz0/oYuoaSDzP6zE9YSA/xCplaHA0mo
-C1Vs2H5MOQGlewIDAQABo1AwTjAdBgNVHQ4EFgQU5ij9YLU5zQ6K75kPgVpyQ2N/
-lPswHwYDVR0jBBgwFoAU5ij9YLU5zQ6K75kPgVpyQ2N/lPswDAYDVR0TBAUwAwEB
-/zANBgkqhkiG9w0BAQsFAAOCAQEAaQkEx9xvaLUt0PNLvHMtxXQPedCPw5xQBd2V
-WOsWPYspRAOSNbU1VloY+xUkUKorYTogKUY1q+uh2gDIEazW0uZZaQvWPp8xdxWq
-Dh96n5US06lszEc+Lj3dqdxWkXRRqEbjhBFh/utXaeyeSOtaX65GwD5svDHnJBcl
-AGkzeRIXqxmYG+I2zMm/JYGzEnbwToyC7yF6Q8cQxOr37hEpqz+WN/x3qM2qyBLE
-CQFjmlJrvRLkSL15PCZiu+xFNFd/zx6btDun5DBlfDS9DG+SHCNH6Nq+NfP+ZQ8C
-GzP/3TaZPzMlKPDCjp0XOQfyQqFIXdwjPFTWjEusDBlm4qJAlQ==
------END CERTIFICATE-----
diff --git a/test-compose/ws/Dockerfile b/test-compose/ws/Dockerfile
index 77c06f9..ea9b4c7 100644
--- a/test-compose/ws/Dockerfile
+++ b/test-compose/ws/Dockerfile
@@ -1,12 +1,8 @@ FROM tier/grouper:latest -MAINTAINER tier-packaging@internet2.edu +LABEL author="tier-packaging@internet2.edu " COPY WEB-INF/ /opt/grouper/grouper.ws/dist/grouper-ws/WEB-INF/ COPY tomcat/ /opt/tomcat/conf/ -# Replace the contents of the files in the following 2 lines with web server cert and private key -COPY httpd/localhost.crt /etc/pki/tls/certs -COPY httpd/localhost.key /etc/pki/tls/private - -COPY httpd/ssl-enabled.conf /etc/httpd/conf.d/ \ No newline at end of file +CMD ["/usr/bin/local/ws"] \ No newline at end of file diff --git a/test-compose/ws/WEB-INF/classes/grouper-loader.properties b/test-compose/ws/WEB-INF/classes/grouper-loader.properties deleted file mode 100644 index 3329e21..0000000 --- a/test-compose/ws/WEB-INF/classes/grouper-loader.properties +++ /dev/null 
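Review bot: The new `CMD ["/usr/bin/local/ws"]` looks like a transposed path: the top-level Dockerfile in this commit copies `container_files/usr-local-bin` into `/usr/local/bin/`, and nothing visible creates `/usr/bin/local/`. Whether a `ws` launcher ships with those scripts is not shown here, so confirm it, but if it does, an exec-form CMD with the wrong path fails at container start with a file-not-found error; I would change the line to `CMD ["/usr/local/bin/ws"]`. This hunk also stops copying `localhost.crt`, `localhost.key` and `ssl-enabled.conf` into the image, so a one-line comment in their place saying how the web server certificate and key are now provided (for example `# TLS cert and key: <how they are provided>`) would keep the next deployer from starting the service without them.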
@@ -1,73 +0,0 @@
-#specify the consumers here. specify the consumer name after the changeLog.consumer. part. This example is "psp"
-#but it could be changeLog.consumer.myConsumerName.class
-#the class must extend edu.internet2.middleware.grouper.changeLog.ChangeLogConsumerBase
-changeLog.consumer.psp.class = edu.internet2.middleware.psp.grouper.PspChangeLogConsumer
-
-#the quartz cron is a cron-like string. it defaults to every minute on the minute (since the temp to change log job runs
-#at 10 seconds to each minute). it defaults to this: 0 * * * * ?
-#though it will stagger each one by 2 seconds
-# http://www.quartz-scheduler.org/documentation/quartz-1.x/tutorials/crontrigger
-changeLog.consumer.psp.quartzCron = 0 * * * * ?
-
-# To retry processing a change log entry if an error occurs, set retryOnError to true. Defaults to false.
-changeLog.consumer.psp.retryOnError = false
-
-# To run full provisioning synchronizations periodically, provide the class name which provides a 'public void fullSync()' method.
-changeLog.psp.fullSync.class = edu.internet2.middleware.psp.grouper.PspChangeLogConsumer
-
-# Schedule full synchronizations. Defaults to 5 am : 0 0 5 * * ?.
-changeLog.psp.fullSync.quartzCron = 0 0 5 * * ?
-
-# Run a full synchronization job at startup. Defaults to false.
-changeLog.psp.fullSync.runAtStartup = false
-
-# Omit diff responses from bulk response to conserve memory.
-changeLog.psp.fullSync.omitDiffResponses = true
-
-# Omit sync responses from bulk response to conserve memory.
-changeLog.psp.fullSync.omitSyncResponses = true
-
-#################################
-## LDAP connections
-#################################
-# specify the ldap connection with user, pass, url
-# the string after "ldap." is the ID of the connection, and it should not have
-# spaces or other special chars in it. In this case is it "personLdap"
-
-#note the URL should start with ldap: or ldaps: if it is SSL.
-#It should contain the server and port (optional if not default), and baseDn,
-#e.g. ldaps://ldapserver.school.edu:636/dc=school,dc=edu
-ldap.demo.url = ldap://data:389/dc=example,dc=edu
-
-#optional, if authenticated
-#ldap.personLdap.user = uid=someapp,ou=people,dc=myschool,dc=edu
-
-#optional, if authenticated note the password can be stored encrypted in an external file
-#ldap.personLdap.pass = secret
-
-#optional, if you are using tls, set this to true. Generally you will not be using an SSL URL to use TLS...
-#ldap.personLdap.tls = false
-
-#optional, if using sasl
-#ldap.personLdap.saslAuthorizationId =
-#ldap.personLdap.saslRealm =
-
-#optional (note, time limit is for search operations, timeout is for connection timeouts),
-#most of these default to vt-ldap defaults. times are in millis
-#validateOnCheckout defaults to true if all other validate methods are false
-#ldap.personLdap.batchSize =
-#ldap.personLdap.countLimit =
-#ldap.personLdap.timeLimit =
-#ldap.personLdap.timeout =
-#ldap.personLdap.minPoolSize =
-#ldap.personLdap.maxPoolSize =
-#ldap.personLdap.validateOnCheckIn =
-#ldap.personLdap.validateOnCheckOut =
-#ldap.personLdap.validatePeriodically =
-#ldap.personLdap.validateTimerPeriod =
-#ldap.personLdap.pruneTimerPeriod =
-#if connections expire after a certain amount of time, this is it, in millis, defaults to 300000 (5 minutes)
-#ldap.personLdap.expirationTime =
-
-#make the paths fully qualified and not relative to the loader group.
-loader.ldap.requireTopStemAsStemFromConfigGroup=false
diff --git a/test-compose/ws/WEB-INF/classes/grouper.hibernate.properties b/test-compose/ws/WEB-INF/classes/grouper.hibernate.properties
deleted file mode 100644
index b9cc983..0000000
--- a/test-compose/ws/WEB-INF/classes/grouper.hibernate.properties
+++ /dev/null
@@ -1,30 +0,0 @@
-#
-# Grouper Hibernate Configuration
-# $Id: grouper.hibernate.example.properties,v 1.9 2009-08-11 20:18:09 mchyzer Exp $
-#
-
-# The grouper hibernate config uses Grouper Configuration Overlays (documented on wiki)
-# By default the configuration is read from grouper.hibernate.base.properties
-# (which should not be edited), and the grouper.hibernate.properties overlays
-# the base settings. See the grouper.hibernate.base.properties for the possible
-# settings that can be applied to the grouper.hibernate.properties
-
-########################################
-## DB settings
-########################################
-
-# e.g. mysql: jdbc:mysql://localhost:3306/grouper
-# e.g. p6spy (log sql): [use the URL that your DB requires]
-# e.g. oracle: jdbc:oracle:thin:@server.school.edu:1521:sid
-# e.g. hsqldb (a): jdbc:hsqldb:dist/run/grouper;create=true
-# e.g. hsqldb (b): jdbc:hsqldb:hsql://localhost:9001/grouper
-# e.g. postgres: jdbc:postgresql://localhost:5432/database
-# e.g. mssql: jdbc:sqlserver://localhost:3280;databaseName=grouper
-hibernate.connection.url = jdbc:mysql://data:3306/grouper?CharSet=utf8&useUnicode=true&characterEncoding=utf8
-
-hibernate.connection.username = root
-# If you are using an empty password, depending upon your version of
-# Java and Ant you may need to specify a password of "".
-# Note: you can keep passwords external and encrypted: https://bugs.internet2.edu/jira/browse/GRP-122
-hibernate.connection.password =
-
diff --git a/test-compose/ws/WEB-INF/classes/grouper.properties b/test-compose/ws/WEB-INF/classes/grouper.properties
deleted file mode 100644
index c931287..0000000
--- a/test-compose/ws/WEB-INF/classes/grouper.properties
+++ /dev/null
@@ -1,25 +0,0 @@
-#
-# Grouper Configuration
-# $Id: grouper.example.properties,v 1.48 2009-12-16 06:02:30 mchyzer Exp $
-#
-
-# Grouper uses Grouper Configuration Overlays (documented on wiki)
-# By default the configuration is read from grouper.base.properties
-# (which should not be edited), and the grouper.properties overlays
-# the base settings. See the grouper.base.properties for the possible
-# settings that can be applied to the grouper.properties
-
-#if groups like the wheel group should be auto-created for convenience (note: check config needs to be on)
-configuration.autocreate.system.groups = true
-
-# A wheel group allows you to enable non-GrouperSystem subjects to act
-# like a root user when interacting with the registry.
-groups.wheel.use = true
-
-# Set to the name of the group you want to treat as the wheel group.
-# The members of this group will be treated as root-like users.
-groups.wheel.group = etc:sysadmingroup
-
-# Used to allow Include Exclude groups
-grouperIncludeExclude.use = true
-grouperIncludeExclude.requireGroups.use = true
diff --git a/test-compose/ws/WEB-INF/classes/sources.xml b/test-compose/ws/WEB-INF/classes/sources.xml
deleted file mode 100644
index 9c884ae..0000000
--- a/test-compose/ws/WEB-INF/classes/sources.xml
+++ /dev/null
@@ -1,295 +0,0 @@ - - - - - - - - - - - - - - - g:gsa - Grouper: Group Source Adapter - group - - - subjectVirtualAttribute_0_searchAttribute0 - ${subject.getAttributeValue('name')},${subject.getAttributeValue('displayName')},${subject.getAttributeValue('alternateName')} - - - sortAttribute0 - displayExtension - - - searchAttribute0 - searchAttribute0 - - - - maxPageSize - 100 - - searchAttribute0 - - - - - - grouperEntities - Grouper: Entity Source Adapter - application - - - subjectVirtualAttribute_0_searchAttribute0 - - ${subject.getAttributeValue('name')},${subject.getAttributeValue('displayName')},${subject.getAttributeValue('alternateName')} - - - sortAttribute0 - name - - - searchAttribute0 - searchAttribute0 - - searchAttribute0 - - - - - - ldap - EDU Ldap - person - - INITIAL_CONTEXT_FACTORY - com.sun.jndi.ldap.LdapCtxFactory - - - PROVIDER_URL - ldap://data - - - SECURITY_AUTHENTICATION - simple - - - SECURITY_PRINCIPAL - cn=admin,dc=internet2,dc=edu - - - SECURITY_CREDENTIALS - password - - - SubjectID_AttributeType - uid - - - SubjectID_formatToLowerCase - false - - - Name_AttributeType - cn - - - Description_AttributeType - cn - - - /// Scope Values can be: OBJECT_SCOPE, ONELEVEL_SCOPE, SUBTREE_SCOPE - /// For filter use - - - searchSubject - - filter - - (&(uid=%TERM%)(objectclass=person)) - - - - scope - - SUBTREE_SCOPE - - - - base - - ou=people,dc=internet2,dc=edu - - - - - - searchSubjectByIdentifier - - filter - - (&(uid=%TERM%)(objectclass=person)) - - - - scope - - SUBTREE_SCOPE - - - - base - - ou=people,dc=internet2,dc=edu - - - - - - search - - filter - - (&(|(|(uid=%TERM%)(cn=*%TERM%*))(uid=%TERM%*))(objectclass=person)) - - - - scope - - SUBTREE_SCOPE - - - - base - - ou=people,dc=internet2,dc=edu - - - - - subjectVirtualAttribute_0_searchAttribute0 - ${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('uid'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('cn'), 
"")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('exampleEduRegId'), "")} - - - sortAttribute0 - cn - - - searchAttribute0 - searchAttribute0 - - - - - - searchAttribute0 - - ///Attributes you would like to display when doing a search - givenName - sn - uid - - - - - - diff --git a/test-compose/ws/httpd/comodo.cer b/test-compose/ws/httpd/comodo.cer deleted file mode 100644 index d61705d..0000000 --- a/test-compose/ws/httpd/comodo.cer +++ /dev/null 
@@ -1,91 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU -MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs -IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290 -MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux -FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h -bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v -dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt -H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9 -uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX -mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX -a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN -E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0 -WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD -VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0 -Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU -cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx -IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN -AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH -YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5 -6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC -Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX -c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a -mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFdzCCBF+gAwIBAgIQE+oocFv07O0MNmMJgGFDNjANBgkqhkiG9w0BAQwFADBv -MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk -ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF -eHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFow -gYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtK -ZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYD 
-VQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjAN -BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgBJlFzYOw9sIs9CsVw127c0n00yt -UINh4qogTQktZAnczomfzD2p7PbPwdzx07HWezcoEStH2jnGvDoZtF+mvX2do2NC -tnbyqTsrkfjib9DsFiCQCT7i6HTJGLSR1GJk23+jBvGIGGqQIjy8/hPwhxR79uQf -jtTkUcYRZ0YIUcuGFFQ/vDP+fmyc/xadGL1RjjWmp2bIcmfbIWax1Jt4A8BQOujM -8Ny8nkz+rwWWNR9XWrf/zvk9tyy29lTdyOcSOk2uTIq3XJq0tyA9yn8iNK5+O2hm -AUTnAU5GU5szYPeUvlM3kHND8zLDU+/bqv50TmnHa4xgk97Exwzf4TKuzJM7UXiV -Z4vuPVb+DNBpDxsP8yUmazNt925H+nND5X4OpWaxKXwyhGNVicQNwZNUMBkTrNN9 -N6frXTpsNVzbQdcS2qlJC9/YgIoJk2KOtWbPJYjNhLixP6Q5D9kCnusSTJV882sF -qV4Wg8y4Z+LoE53MW4LTTLPtW//e5XOsIzstAL81VXQJSdhJWBp/kjbmUZIO8yZ9 -HE0XvMnsQybQv0FfQKlERPSZ51eHnlAfV1SoPv10Yy+xUGUJ5lhCLkMaTLTwJUdZ -+gQek9QmRkpQgbLevni3/GcV4clXhB4PY9bpYrrWX1Uu6lzGKAgEJTm4Diup8kyX -HAc/DVL17e8vgg8CAwEAAaOB9DCB8TAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTv -A73gJMtUGjAdBgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/ -BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAGBgRVHSAAMEQGA1Ud -HwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4 -dGVybmFsQ0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0 -dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEMBQADggEBAJNl9jeD -lQ9ew4IcH9Z35zyKwKoJ8OkLJvHgwmp1ocd5yblSYMgpEg7wrQPWCcR23+WmgZWn -RtqCV6mVksW2jwMibDN3wXsyF24HzloUQToFJBv2FAY7qCUkDrvMKnXduXBBP3zQ -YzYhBx9G/2CkkeFnvN4ffhkUyWNnkepnB2u0j4vAbkN9w6GAbLIevFOFfdyQoaS8 -Le9Gclc1Bb+7RrtubTeZtv8jkpHGbkD4jylW6l/VXxRTrPBPYer3IsynVgviuDQf -Jtl7GQVoP7o81DgGotPmjw7jtHFtQELFhLRAlSv0ZaBIefYdgWOWnU914Ph85I6p -0fKtirOMxyHNwu8= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIF+TCCA+GgAwIBAgIQRyDQ+oVGGn4XoWQCkYRjdDANBgkqhkiG9w0BAQwFADCB -iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl -cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV -BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTQx -MDA2MDAwMDAwWhcNMjQxMDA1MjM1OTU5WjB2MQswCQYDVQQGEwJVUzELMAkGA1UE -CBMCTUkxEjAQBgNVBAcTCUFubiBBcmJvcjESMBAGA1UEChMJSW50ZXJuZXQyMREw 
-DwYDVQQLEwhJbkNvbW1vbjEfMB0GA1UEAxMWSW5Db21tb24gUlNBIFNlcnZlciBD -QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJwb8bsvf2MYFVFRVA+e -xU5NEFj6MJsXKZDmMwysE1N8VJG06thum4ltuzM+j9INpun5uukNDBqeso7JcC7v -HgV9lestjaKpTbOc5/MZNrun8XzmCB5hJ0R6lvSoNNviQsil2zfVtefkQnI/tBPP -iwckRR6MkYNGuQmm/BijBgLsNI0yZpUn6uGX6Ns1oytW61fo8BBZ321wDGZq0GTl -qKOYMa0dYtX6kuOaQ80tNfvZnjNbRX3EhigsZhLI2w8ZMA0/6fDqSl5AB8f2IHpT -eIFken5FahZv9JNYyWL7KSd9oX8hzudPR9aKVuDjZvjs3YncJowZaDuNi+L7RyML -fzcCAwEAAaOCAW4wggFqMB8GA1UdIwQYMBaAFFN5v1qqK0rPVIDh2JvAnfKyA2bL -MB0GA1UdDgQWBBQeBaN3j2yW4luHS6a0hqxxAAznODAOBgNVHQ8BAf8EBAMCAYYw -EgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH -AwIwGwYDVR0gBBQwEjAGBgRVHSAAMAgGBmeBDAECAjBQBgNVHR8ESTBHMEWgQ6BB -hj9odHRwOi8vY3JsLnVzZXJ0cnVzdC5jb20vVVNFUlRydXN0UlNBQ2VydGlmaWNh -dGlvbkF1dGhvcml0eS5jcmwwdgYIKwYBBQUHAQEEajBoMD8GCCsGAQUFBzAChjNo -dHRwOi8vY3J0LnVzZXJ0cnVzdC5jb20vVVNFUlRydXN0UlNBQWRkVHJ1c3RDQS5j -cnQwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZI -hvcNAQEMBQADggIBAC0RBjjW29dYaK+qOGcXjeIT16MUJNkGE+vrkS/fT2ctyNMU -11ZlUp5uH5gIjppIG8GLWZqjV5vbhvhZQPwZsHURKsISNrqOcooGTie3jVgU0W+0 -+Wj8mN2knCVANt69F2YrA394gbGAdJ5fOrQmL2pIhDY0jqco74fzYefbZ/VS29fR -5jBxu4uj1P+5ZImem4Gbj1e4ZEzVBhmO55GFfBjRidj26h1oFBHZ7heDH1Bjzw72 -hipu47Gkyfr2NEx3KoCGMLCj3Btx7ASn5Ji8FoU+hCazwOU1VX55mKPU1I2250Lo -RCASN18JyfsD5PVldJbtyrmz9gn/TKbRXTr80U2q5JhyvjhLf4lOJo/UzL5WCXED -Smyj4jWG3R7Z8TED9xNNCxGBMXnMete+3PvzdhssvbORDwBZByogQ9xL2LUZFI/i -eoQp0UM/L8zfP527vWjEzuDN5xwxMnhi+vCToh7J159o5ah29mP+aJnvujbXEnGa -nrNxHzu+AGOePV8hwrGGG7hOIcPDQwkuYwzN/xT29iLp/cqf9ZhEtkGcQcIImH3b -oJ8ifsCnSbu0GB9L06Yqh7lcyvKDTEADslIaeSEINxhO2Y1fmcYFX/Fqrrp1WnhH -OjplXuXE0OPa0utaKC25Aplgom88L2Z8mEWcyfoB7zKOfD759AN7JKZWCYwk ------END CERTIFICATE----- diff --git a/test-compose/ws/httpd/localhost.crt b/test-compose/ws/httpd/localhost.crt deleted file mode 100644 index 9cc228a..0000000 --- a/test-compose/ws/httpd/localhost.crt +++ /dev/null 
@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDPDCCAiQCCQDNZe8r0hVtuTANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJV
-UzELMAkGA1UECAwCTUkxEjAQBgNVBAcMCUFubiBBcmJvcjEXMBUGA1UECgwOSW50
-ZXJuZXQyL1RJRVIxFzAVBgNVBAMMDnNwLmV4YW1wbGUub3JnMB4XDTE3MDkyMjE5
-NTAzNVoXDTI3MDkyMDE5NTAzNVowYDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk1J
-MRIwEAYDVQQHDAlBbm4gQXJib3IxFzAVBgNVBAoMDkludGVybmV0Mi9USUVSMRcw
-FQYDVQQDDA5zcC5leGFtcGxlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
-AQoCggEBAMTNJmsNpTpR4NrDJwOgK/o3UYlNdi1c6xBflt+liLAsQc160QReV4dS
-SGK8LZvN58a/BTIsH8dLhQlUQ8qQUY2AfolVrNxb7Waumeh/POzYUTRylnoGpU3W
-bGMEPxE/AdgP5U/adYvyu4XI5epv7wjZJOTqcVag15SalY+aso+ZC/5l+UzRxmWB
-ZxKTsSL1y7PFehY4/Zl3Y3oGVsVl/zspt5lteoZQeeVxUX29S3Af11yHY4xpEp+7
-rvAzY/nlsTiHAsUoCFK/NFQ2evvSRx52B9Fk1cWP1MDVDm2QjQqD9xBGYSnX6bhQ
-ejVx7JUJHlblu2Q5p5XdW0BihgFluoECAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA
-n/qhYnIviPs4tglCdrw+M7gbqKNWadDC3F9HDYzlJMFeS/ae2turhEUgQPbYPDQQ
-eO3oOILtvCXNFUPM58jf8V5YFRrOqrTgx44kexQDaHO5YYNft5tF5TdvBYE2gOVr
-GdYrH2iSP8WX+Yy7JH5uqkfwWzEntWHJdey39rCWKAUCCB35+/2b4N53Qmlv2+ug
-CpNJYFtXInd4YMmM5HjXLyoWXtjnKiwDqYUCeYPSwAajnCqRqRXUX0gYTFDRiwRP
-HbmO9We0nqoc/71nikmGGoSRMO/zWVMFjwmAx1fGiWdU61sjGX8sHifzmVyJVEBI
-Z75p+JrWYZJYrx/vpWxL8g==
------END CERTIFICATE-----
diff --git a/test-compose/ws/httpd/localhost.key b/test-compose/ws/httpd/localhost.key
deleted file mode 100644
index 1b0b579..0000000
--- a/test-compose/ws/httpd/localhost.key
+++ /dev/null
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDEzSZrDaU6UeDa -wycDoCv6N1GJTXYtXOsQX5bfpYiwLEHNetEEXleHUkhivC2bzefGvwUyLB/HS4UJ -VEPKkFGNgH6JVazcW+1mrpnofzzs2FE0cpZ6BqVN1mxjBD8RPwHYD+VP2nWL8ruF -yOXqb+8I2STk6nFWoNeUmpWPmrKPmQv+ZflM0cZlgWcSk7Ei9cuzxXoWOP2Zd2N6 -BlbFZf87KbeZbXqGUHnlcVF9vUtwH9dch2OMaRKfu67wM2P55bE4hwLFKAhSvzRU -Nnr70kcedgfRZNXFj9TA1Q5tkI0Kg/cQRmEp1+m4UHo1ceyVCR5W5btkOaeV3VtA -YoYBZbqBAgMBAAECggEAA/5t0ypZug9DUu0283niqpdIzlKGHXGPS6vE8hD37ytW -wobFiyMm/5YJ5gcPnePV2lCyGEyQ8Ih10LSnE4tOPGLpLnxQn8A11ymf8fnzEJNr -Qnc42o0b+bJqTLAfX4g5z1qzOqWiUQ7CA3sKP3G6FiHh/8tKNYnaFif09Q8cpJFb -YDDkvm48NJgsrIoCgmaFIQIn+yDzGQKWwTNMIks+RByWpc67j1x1kiyQM1RfrEev -Yyq/ZkP66IYZzmZKpFCWGs5qbRZdxyXNpq85DjwA99lAH7vxtMJHQM4z1h1eDH4L -Ma5hEnmmHu4D5lF2GDQYflvuFdDGH5tThO6MV0IrSQKBgQD+kvEtNxJCMxLOVFyV -NWF3pk/i2nkD+53t/VPXjMPtW7IesouEGzU82I/fT2wUTkNwFdkVpv37qoLypKZm -npJFxr6abQNjiDh2Fsh8/iuJfvdZUFJbCEY6NS58qgjix8XCQKRD06EugK7uekIZ -zJnttF3qVBBD8Z8Uwxz8i+jF1wKBgQDF51y/5XB6Bz47cdxw7P8NsfnTz2V3H0HU -OnlEBANbhmBadjU8dqbM54Nxbn7VOdooXPuSnAKJ9vPDg1n5Y/GO+lgldNzfyK6g -HnbldSu0zBvAaGvmAjLjetEtOkBqYkrHJlT6JAems/Kc/YX5uooAz9/jNJFXP9++ -KbjH3CzHZwKBgQC6ppxEDZPKi83nD/2NvMTIyFzcNFj0LaEepFW7vc7NkiSn0zrt -0lEXWqUqEv5oaPWTEcHH2VdxFRTLuSL0LKGMnWqUqQcKDA9xrcSzuFvNhRTwHC81 -5XwwI1wBNV4sgFKj2WdW/6y2/szDt0oNxnC50zvkmlwOpPKBc4kmNaKmowKBgBmC -uXIDIXyZcmw3QTNNWZNqXcnv8iRo4xN4dilOWyBxMfp3QmWI5feD4G2+0Jqr2nNZ -iRRdB/bA3qtVQ0PinkDQBIzPg6lVNS1uv+TUNc4YgXtL+pyrq+Om8U/jMmqEQR9q -0YltG49houSZyatnYGK6aSHgpNuaYD0jI66fsyYBAoGAMefyD0I/ncArjuf58hVQ -zSjxfcvlja9okrC8ZgqsVluezcm4rQNcSjBnESGTCjJC7O29AofGLHkvnsBQDiGk -hE38IRisd+okXdApr41ifWDhmtASud5q6wlhOpMmQxg+OALf1rTvFYhbnFEXV/KY -e5A4iXLRIbxbmXZDa35Rebw= ------END PRIVATE KEY----- diff --git a/test-compose/ws/httpd/logout.php b/test-compose/ws/httpd/logout.php deleted file mode 100644 index 0114317..0000000 --- a/test-compose/ws/httpd/logout.php +++ /dev/null @@ -1,7 +0,0 @@ - 
diff --git a/test-compose/ws/httpd/ssl-enabled.conf b/test-compose/ws/httpd/ssl-enabled.conf
deleted file mode 100644
index a710484..0000000
--- a/test-compose/ws/httpd/ssl-enabled.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-Listen 443 https
-
- SSLEngine on
- #SSLCertificateChainFile /etc/pki/tls/certs/comodo.cer
-
- SSLCertificateFile /etc/pki/tls/certs/localhost.crt
-
- SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
-
- # HSTS (mod_headers is required) (15768000 seconds = 6 months)
- Header always set Strict-Transport-Security "max-age=15768000"
-