Initial multi-purpose Grouper image

.dockerignore

@@ -0,0 +1,3 @@
+.git/
+test-compose/
+*.md

Dockerfile

@@ -0,0 +1,101 @@
+FROM centos:centos7 as installing
+
+RUN yum update -y \
+    && yum install -y wget tar unzip dos2unix \
+    && yum clean all
+
+ENV ANT_VERSION="1.10.1" \
+    GROUPER_VERSION=2.3.0 \
+    JAVA_HOME=/opt/openjdk7 \
+    TOMCAT_MAJOR=8 \
+    TOMCAT_VERSION="8.5.23"
+
+RUN java_version=8.0.131; \ 
+    zulu_version=8.21.0.1; \   
+    echo 'Downloading the OpenJDK Zulu...' \
+    && wget -q http://cdn.azul.com/zulu/bin/zulu$zulu_version-jdk$java_version-linux_x64.tar.gz \
+    && echo "1931ed3beedee0b16fb7fd37e069b162  zulu$zulu_version-jdk$java_version-linux_x64.tar.gz" | md5sum -c - \
+    && tar -zxvf zulu$zulu_version-jdk$java_version-linux_x64.tar.gz -C /opt \
+    && ln -s /opt/zulu$zulu_version-jdk$java_version-linux_x64 $JAVA_HOME
+
+#RUN java_version=8u151; \
+#    java_bnumber=12; \
+#    java_semver=1.8.0_151; \
+#    java_hash=123b1d755416aa7579abc03f01ab946e612e141b6f7564130f2ada00ed913f1d; \
+#    echo 'Downloading the Oracle Java...' \ 
+#    && wget --no-check-certificate --no-cookies --header "Cookie: oraclelicense=accept-securebackup-cookie" \
+#    http://download.oracle.com/otn-pub/java/jdk/$java_version-b$java_bnumber/e758a0de34e24606bca991d704f6dcbf/server-jre-$java_version-linux-x64.tar.gz \
+#    && echo "$java_hash  server-jre-$java_version-linux-x64.tar.gz" | sha256sum -c - \
+#    && tar -zxvf server-jre-$java_version-linux-x64.tar.gz -C /opt \
+#    && ln -s /opt/jdk$java_semver/ $JAVA_HOME
+
+RUN echo 'Downloading Grouper Installer...' \
+    && mkdir -p /opt/grouper/$GROUPER_VERSION \
+    && wget -q -O /opt/grouper/$GROUPER_VERSION/grouperInstaller.jar http://software.internet2.edu/grouper/release/$GROUPER_VERSION/grouperInstaller.jar
+
+COPY container_files/grouper.installer.properties /opt/grouper/$GROUPER_VERSION
+
+RUN echo 'Installing Grouper'; \
+    PATH=$PATH:$JAVA_HOME/bin; \
+    cd /opt/grouper/$GROUPER_VERSION/ \
+    && $JAVA_HOME/bin/java -cp :grouperInstaller.jar edu.internet2.middleware.grouperInstaller.GrouperInstaller
+
+
+
+FROM centos:centos7 as cleanup
+
+COPY --from=installing /opt/grouper/2.3.0/grouper.apiBinary-2.3.0/ /opt/grouper/grouper.apiBinary
+COPY --from=installing /opt/grouper/2.3.0/grouper.ui-2.3.0/dist/grouper/ /opt/grouper/grouper.ui/dist/grouper/
+COPY --from=installing /opt/grouper/2.3.0/grouper.ws-2.3.0/grouper-ws/build/dist/grouper-ws/ /opt/grouper/grouper.ws/dist/grouper-ws/
+COPY --from=installing /opt/grouper/2.3.0/apache-tomcat-8.5.12/ /opt/tomcat/
+COPY --from=installing /opt/grouper/2.3.0/apache-tomee-webprofile-7.0.0/ /opt/tomee/
+COPY --from=installing /opt/grouper/2.3.0/grouper.clientBinary-2.3.0/ /opt/grouper/grouper.clientBinary/
+
+RUN cd /opt/grouper/grouper.apiBinary/; \
+    rm -fr ddlScripts/ grouper.lck grouper.log grouper.script grouper.tmp// gshAddGrouperSystemWsGroup.gsh logs/ 
+
+RUN cd /opt/tomcat/webapps/; \
+    rm -fr docs/ examples/ host-manager/ manager/ 
+
+RUN cd /opt/tomee/webapps/; \
+    rm -fr docs/ host-manager/ manager/ 
+
+COPY container_files/server.xml /opt/tomcat/conf/
+
+
+FROM tier/shibboleth_sp
+
+LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
+      Vendor="TIER" \
+      ImageType="Grouper" \
+      ImageName=$imagename \
+      ImageOS=centos7
+
+ENV JAVA_HOME=/opt/openjdk7 \
+    PATH=$PATH:$JAVA_HOME/bin
+
+RUN ln -sf /usr/share/zoneinfo/UTC /etc/localtime
+
+RUN yum update -y \
+    && yum install -y cron logrotate python-pip \
+    && pip install --upgrade pip \
+    && pip install supervisor \
+    && yum clean -y all
+
+COPY --from=installing $JAVA_HOME $JAVA_HOME
+COPY --from=cleanup /opt/tomcat/ /opt/tomcat/
+COPY --from=cleanup /opt/tomee/ /opt/tomee/
+COPY --from=cleanup /opt/grouper/ /opt/grouper/
+
+COPY container_files/tier-support/ /opt/tier-support/
+COPY container_files/usr-local-bin /usr/local/bin/
+COPY container_files/httpd/grouper-www.conf /etc/httpd/conf.d/
+COPY container_files/shibboleth/* /etc/shibboleth/
+
+RUN cp /dev/null /etc/httpd/conf.d/ssl.conf
+
+WORKDIR /opt/grouper/grouper.apiBinary/
+
+EXPOSE 80 443
+
+CMD ["/bin/sh", "bin/gsh", "-loader"]

container_files/grouper.installer.properties

@@ -0,0 +1,51 @@
+# this should be before the version number
+download.server.url = https://software.internet2.edu/grouper
+# default version to install
+grouper.version = 2.3.0
+# print out autorun keys in prompts so you can easily see how to configure the autorun
+grouperInstaller.print.autorunKeys = true
+# default to install or upgrade (default is install)
+grouperInstaller.default.installOrUpgrade = install
+# where to get grouper source from, the variable $BRANCH_NAME$ will be substituted for the branch
+download.source.url = https://github.com/Internet2/grouper/archive/$BRANCH_NAME$.zip
+# where to get grouper psp source from, the variable $BRANCH_NAME$ will be substituted for the branch
+download.pspSource.url = https://github.com/Internet2/grouper-psp/archive/$BRANCH_NAME$.zip
+##############################
+## Autorun properties
+##
+## If you uncomment one of these properties it will be used as empty, only uncomment to use
+##
+##############################
+
+#### set this to true to try to use defaults for everything.  Only things without default values will need to be set
+grouperInstaller.autorun.useDefaultsAsMuchAsAvailable = true
+########## AUTORUN PROPERTIES WITH NO DEFAULT OR ARE COMMONLY CHANGED
+## Note: not all of them need to be filled out for all operations
+# autorun grouper system password (its not secure to have a plain text pass in a config file)
+grouperInstaller.autorun.grouperSystemPassword = XXXXXXXXXX
+# autorun Enter the database URL
+grouperInstaller.autorun.dbUrl = jdbc:mysql://localhost:3306/grouper
+# autorun database user
+grouperInstaller.autorun.dbUser = grouper
+# autorun database pass (note, it is not good security to have plaintext passwords in text config files)
+grouperInstaller.autorun.dbPass = XXXXXXXXXX
+# autorun Do you want to init the database (delete all existing grouper tables, add new ones) (t|f)?
+grouperInstaller.autorun.deleteAndInitDatabase = t
+
+# [jvf] The 'fake' run-through of 
+# While running the installer, we don't have access to the database
+#grouperInstaller.autorun.deleteAndInitDatabase = f
+
+# While running the installer, we don't have access to the database
+#grouperInstaller.autorun.addQuickstartSubjectsToDb = f
+
+# grouperInstaller.autorun.addQuickstartData = f
+
+grouperInstaller.autorun.installGrouperActiveMqMessaging = t
+grouperInstaller.autorun.activeMqWhereInstalled = /opt/grouper/2.3.0/grouper.apiBinary-2.3.0/
+
+grouperInstaller.autorun.installGrouperAwsSqsMessaging = t
+grouperInstaller.autorun.AwsSqsWhereInstalled = /opt/grouper/2.3.0/grouper.apiBinary-2.3.0/
+
+grouperInstaller.autorun.installGrouperRabbitMqMessaging = t
+grouperInstaller.autorun.rabbitMqWhereInstalled = /opt/grouper/2.3.0/grouper.apiBinary-2.3.0/

test-compose/www/container_files/httpd/grouper-www.conf → container_files/httpd/grouper-www.conf

@@ -3,15 +3,14 @@
   ProxyTimeout 2400
   ProxyBadHeader Ignore
 
-
-
   ProxyPass /Shibboleth.sso !
-  ProxyPass / ajp://ui:8009/  timeout=2400
+  ProxyPass /grouper ajp://localhost:8009/grouper  timeout=2400
+  ProxyPass /grouper-ws ajp://localhost:8009/grouper-ws  timeout=2400
 
-  <Location />
+  <Location /grouper>
      AuthType shibboleth
      ShibRequestSetting requireSession 1
-     ShibRequireSession            on
+     ShibRequireSession on
      ShibUseHeaders On
      require shibboleth
     </Location>
@@ -27,20 +26,3 @@
   SSLStaplingResponderTimeout 5
   SSLStaplingReturnResponderErrors off
   SSLStaplingCache        shmcb:/var/run/ocsp(128000)
-
-
-  Listen 443 https
-  <VirtualHost *:443>
-    RewriteEngine on
-    RewriteRule   "^/$"  "/grouper/"  [R]
-
-    SSLEngine on
-    SSLCertificateChainFile /etc/pki/tls/certs/comodo.cer
-
-    SSLCertificateFile /etc/pki/tls/certs/localhost.crt
-
-    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
-
-    # HSTS (mod_headers is required) (15768000 seconds = 6 months)
-    Header always set Strict-Transport-Security "max-age=15768000"
-  </VirtualHost>