diff --git a/base/Dockerfile b/base/Dockerfile
index ab2d7ba..3a4bee4 100644
--- a/base/Dockerfile
+++ b/base/Dockerfile
@@ -37,10 +37,6 @@ RUN dnf install -y nano nc openldap-clients httpd mod_ssl https://archive.fedora
 && dnf install -y postgresql-server postgresql-contrib
-# Install pgAdmin (ref: https://www.pgadmin.org/download/pgadmin-4-rpm/)
-RUN rpm -i https://ftp.postgresql.org/pub/pgadmin/pgadmin4/yum/pgadmin4-redhat-repo-2-1.noarch.rpm \
- && dnf -y install pgadmin4-web
-
 # Init ldap and add basic schemas and OU's
 COPY container_files/ldap/ /tmp/base/ldap/
@@ -60,16 +56,15 @@ RUN cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG \
 && while nc -z localhost 389 > /dev/null; do echo waiting for ldap to stop; sleep 1; done
-# install Go app for MailHog
-RUN dnf install -y golang \
- && go install github.com/mailhog/MailHog@v1.0.1
-
-
 # Init grouper databases and grouper, needs ldap and db to be up
+COPY container_files/usr-local-bin/* /usr/local/bin/
 COPY container_files/grouper/conf /opt/grouper/grouperWebapp/WEB-INF/classes/
 COPY container_files/postgres/00-init_dbs_and_users.sql /tmp/base/postgres/00-init_dbs_and_users.sql
-RUN (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \
+RUN . /usr/local/bin/library.sh \
+ && . /usr/local/bin/librarySetupPipe.sh \
+ && setupPipe_logging \
+ && (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \
 && while ! nc -z localhost 389 > /dev/null; do echo waiting for ldap to start; sleep 1; done \
 && su -l postgres -c /usr/bin/initdb \
 && su -l postgres -c "pg_ctl -D /var/lib/pgsql/data -l /tmp/pg_logfile start" \
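Review bot: The rewritten RUN now depends on `/usr/local/bin/library.sh`, `/usr/local/bin/librarySetupPipe.sh` and the `setupPipe_logging` function they presumably define, none of which appear in this diff; RUN executes under `/bin/sh -c` unless a `SHELL` instruction outside these hunks selects bash, so confirm the two scripts behave correctly when dot-sourced by sh rather than executed. A one-line comment above the RUN saying what `setupPipe_logging` sets up for the build (it is the only reason the ldap/postgres initialisation chain now starts with two dot-sources) would spare the next reader a trip into both scripts. The RUN chain continues past the end of this hunk.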
@@ -82,6 +77,8 @@ RUN (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \ && su -l postgres -c "pg_ctl -D /var/lib/pgsql/data stop" \ && while nc -z localhost 5432 > /dev/null; do echo waiting for postgres to stop; sleep 1; done +# && (cp ./classes/log4j2.xml.debug ./classes/log4j2.xml; ./bin/gsh.sh -registry -check -runscript -noprompt; cat -n /tmp/logpipe) \ + # overwrite max_connections and other properties COPY container_files/postgres/postgresql.conf /var/lib/pgsql/data/postgresql.conf COPY container_files/postgres/pg_hba.conf /var/lib/pgsql/data/pg_hba.conf @@ -109,6 +106,31 @@ RUN openssl req -new -nodes -newkey rsa:2048 -subj "/commonName=localhost.locald RUN mkdir -p /run/php-fpm/ +# Install pgAdmin (ref: https://www.pgadmin.org/download/pgadmin-4-rpm/) + +RUN rpm -i https://ftp.postgresql.org/pub/pgadmin/pgadmin4/yum/pgadmin4-redhat-repo-2-1.noarch.rpm \ + && dnf -y install pgadmin4-web + +# We will overwrite the generated database with almost the same, but with the server entry added +COPY container_files/pgadmin/ /tmp/base/pgadmin/ + +RUN PGADMIN_SETUP_EMAIL=postgres@localhost.localdomain PGADMIN_SETUP_PASSWORD='Example123' /usr/pgadmin4/bin/setup-web.sh --yes \ + && /usr/bin/cp -p /tmp/base/pgadmin/pgadmin4.db /var/lib/pgadmin/pgadmin4.db \ + && chown apache:apache /var/lib/pgadmin/pgadmin4.db \ + && httpd \ + && curl http://127.0.0.1/pgadmin4/ \ + && pkill httpd \ + && rm -f /run/httpd/httpd.pid + + + +# install Go app for MailHog +RUN dnf install -y golang \ + && go install github.com/mailhog/MailHog@v1.0.1 + + + + # Copy general support files COPY container_files/etc/ /etc/ COPY container_files/shibboleth-sp/ /etc/shibboleth/ 
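Review bot: The added `# && (cp ./classes/log4j2.xml.debug ./classes/log4j2.xml; ./bin/gsh.sh -registry -check -runscript -noprompt; cat -n /tmp/logpipe) \` is a commented-out debugging step left behind after the postgres-stop line, and its trailing `\` makes it read like a live continuation of the RUN above even though Docker treats the line as a comment. Either drop it or rewrite it as an explicit note, e.g. `# Debug aid: swap in log4j2.xml.debug and rerun gsh.sh -registry -check to capture registry output on /tmp/logpipe`. The RUN it refers to starts before this hunk.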
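Review bot: `curl http://127.0.0.1/pgadmin4/` is run without `--fail`, so a 4xx/5xx from pgAdmin (for instance if the copied pgadmin4.db does not match the schema expected by the installed pgadmin4-web) still exits 0 and the image builds with a broken pgAdmin; `curl -fsS http://127.0.0.1/pgadmin4/ \` turns the warm-up request into a real check. `PGADMIN_SETUP_PASSWORD='Example123'` on the RUN line is recorded in the image's layer metadata and is visible through `docker history`; since the database that setup-web.sh generates is overwritten by the committed `pgadmin4.db` on the very next line, a comment stating that the account actually in use comes from that file (and that these are test-environment fixtures) would save the next reader from hunting for the real credential source. The runs of three and four blank lines between the pgAdmin and MailHog stanzas are out of step with the single blank line used elsewhere in the file.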
@@ -118,7 +140,6 @@ COPY container_files/tier-support/* /opt/tier-support/
 COPY container_files/tls/host-key.pem /etc/pki/tls/private/
 COPY container_files/tls/* /etc/pki/tls/certs/
 COPY container_files/var-www-html/ /var/www/html/
-COPY container_files/usr-local-bin/* /usr/local/bin/
 #COPY container_files/usr/share/ /usr/share/
@@ -149,114 +170,3 @@ RUN touch /opt/tomcat/conf/Catalina/localhost/rewrite.config EXPOSE 389 636 5432 443 8080 8443 5005 1025 8025 CMD ["grouper"] - -## =========================================================== -# -#RUN false -# -#RUN dnf install -y procps-ng nano nc mariadb mariadb-server openldap-clients php php-json php-mysqlnd golang https://archive.fedoraproject.org/pub/archive/epel/8.7/Everything/x86_64/Packages/p/phpldapadmin-1.2.6.3-1.el8.noarch.rpm \ -# && dnf install -y 'dnf-command(config-manager)' \ -# && dnf config-manager --set-enabled powertools \ -# && dnf install -y openldap-servers \ -# && dnf clean all -# -#RUN mkdir -p /tmp/phpmyadmin \ -# && cd /tmp/phpmyadmin \ -# && wget https://files.phpmyadmin.net/phpMyAdmin/5.2.1/phpMyAdmin-5.2.1-all-languages.zip \ -# && unzip phpMyAdmin-*.zip \ -# && mv phpMyAdmin-*-all-languages /usr/share/phpmyadmin \ -# && mkdir -p /run/php-fpm/ /usr/share/phpmyadmin/tmp/ -# -#COPY container_files/seed-data/ /seed-data/ -# -## TODO get the my.cnf from the old server. 
These files are in cnf.d and don't have a lot of variables -#RUN mysql_install_db --force \ -# && chown -R mysql:mysql /var/lib/mysql/ /var/log/mariadb \ -# && sed -i 's/^\(bind-address\s.*\)/# \1/' /etc/my.cnf.d/mariadb-server.cnf \ -# && sed -i 's/^\(log_error\s.*\)/# \1/' /etc/my.cnf \ -# && sed -i 's/\[mysqld\]/\[mysqld\]\ncharacter_set_server = utf8/' /etc/my.cnf \ -# && sed -i 's/\[mysqld\]/\[mysqld\]\ncollation_server = utf8_general_ci/' /etc/my.cnf \ -# && sed -i 's/\[mysqld\]/\[mysqld\]\nport = 3306/' /etc/my.cnf \ -# && cat /etc/my.cnf \ -# && echo "/usr/bin/mysqld_safe &" > /tmp/config \ -# && echo "mysqladmin --silent --wait=30 ping || exit 1" >> /tmp/config \ -# && echo "mysql -e 'CREATE USER \"root\"@\"%\"; GRANT ALL PRIVILEGES ON *.* TO \"root\"@\"%\" WITH GRANT OPTION; FLUSH PRIVILEGES'" >> /tmp/config \ -# && echo "mysql -e 'CREATE DATABASE grouper CHARACTER SET utf8 COLLATE utf8_bin;'" >> /tmp/config \ -# && bash /tmp/config \ -# && rm -f /tmp/config -## && mysql grouper < /seed-data/sisData.sql -# -## TODO error ERROR 1133 (28000) at line 1: Can't find any matching row in the user table -# -## On Rocky Linux, slapd defaults to mdg not hdb -## use `ldapsearch -H ldapi:/// -Y EXTERNAL -b "cn=config" -LLL -Q "olcDatabase=*" dn` to config -# -## On Rocky, don't need to import module memberOf (`cat /etc/openldap/slapd.d/cn=config/cn=module{0}.ldif`) -# -#RUN cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG \ -# && mkdir -p /var/ldap/example \ -# && chown -R ldap:ldap /var/lib/ldap /etc/openldap/slapd.d /var/ldap \ -# && (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \ -# && while ! 
nc -z localhost 389 > /dev/null; do echo waiting for ldap to start; sleep 1; done \ -# && ldapmodify -Y EXTERNAL -H ldapi:/// -f /seed-data/domain.ldif \ -# && ldapadd -H ldapi:/// -f /etc/openldap/schema/cosine.ldif \ -# && ldapadd -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif \ -# && ldapadd -H ldapi:/// -f /seed-data/memberOf.ldif \ -# && ldapadd -H ldapi:/// -f /seed-data/eduPerson.ldif \ -# && ldapadd -x -D cn=root,dc=internet2,dc=edu -w password -f /seed-data/users.ldif \ -# && pkill -HUP slapd \ -# && while nc -z localhost 389 > /dev/null; do echo waiting for ldap to stop; sleep 1; done -# -## install Go app for MailHog -#RUN dnf install -y golang \ -# && go install github.com/mailhog/MailHog@v1.0.1 -# -#COPY container_files/grouper/conf /opt/grouper/grouperWebapp/WEB-INF/classes/ -##COPY container_files/conf/grouperText/* /opt/grouper/grouperWebapp/WEB-INF/classes/grouperText/ -# -#RUN (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \ -# && while ! nc -z localhost 389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \ -# (mysqld_safe & ) \ -# && while ! 
nc -z localhost 3306 > /dev/null; do echo waiting for mysqld to start; sleep 3; done; \ -# cd /opt/grouper/grouperWebapp/WEB-INF/bin \ -# && ./gsh.sh -registry -check -runscript -noprompt \ -# && pkill -HUP slapd \ -# && while nc -z localhost 389 > /dev/null; do echo waiting for ldap to stop; sleep 1; done; \ -# pkill -u mysql mysqld \ -# && while nc -z localhost 3306 > /dev/null; do echo waiting for mysqld to stop; sleep 1; done -# -#COPY --from=idp /opt/shibboleth-idp/ /opt/shibboleth-idp/ -# -#COPY container_files/etc/ /etc/ -#COPY container_files/httpd/* /etc/httpd/conf.d/ -#COPY container_files/shibboleth-idp/ /opt/shibboleth-idp/ -#COPY container_files/shibboleth-sp/* /etc/shibboleth/ -#COPY container_files/tomcat/ /opt/tomcat/ -#COPY container_files/tier-support/* /opt/tier-support/ -#COPY container_files/tls/host-key.pem /etc/pki/tls/private/ -#COPY container_files/tls/* /etc/pki/tls/certs/ -#COPY container_files/usr-local-bin/* /usr/local/bin/ -#COPY container_files/var-www-html/ /var/www/html/ -#COPY container_files/usr/share/ /usr/share/ -# -##RUN cp /opt/tier-support/grouper.xml /opt/tier-support/grouper-ws.xml /opt/tomcat/conf/Catalina/localhost/ \ -#RUN chown -R tomcat /opt/shibboleth-idp/ \ -# && chmod -R 700 /opt/shibboleth-idp/ \ -# && chmod +rx /var/www/html/app/index.py \ -# && ANT_OPTS="-Didp.noprompt=true -Didp.target.dir=/opt/shibboleth-idp" /opt/shibboleth-idp/bin/build.sh \ -# && chmod go-w /usr/share/phpmyadmin/config.inc.php -# -# -#RUN chown -R tomcat:tomcat /opt/grouper/grouperWebapp -#RUN chown -R tomcat:tomcat /opt/tomcat -#RUN chown -R apache:apache /usr/share/phpmyadmin/tmp/ -# -#ENV GROUPER_START_DELAY_SECONDS=10 \ -# GROUPER_WS_GROUPER_AUTH=true -# -## note 5005 is for remote Java debugging -## 1025 is MailHog SMTP server -## 8025 is MailHog HTTP server -#EXPOSE 389 3306 8080 5005 1025 8025 -# -#CMD ["grouper"] 
diff --git a/base/container_files/httpd/grouper-testapp.conf b/base/container_files/httpd/grouper-testapp.conf index 3ecb6b5..ed155a1 100644 --- a/base/container_files/httpd/grouper-testapp.conf +++ b/base/container_files/httpd/grouper-testapp.conf @@ -5,17 +5,17 @@ Require shibboleth Options +ExecCGI - AddHandler cgi-script .py + AddHandler cgi-script .php - DirectoryIndex index.py + DirectoryIndex index.php - + AuthType shibboleth ShibRequestSetting requireSession 1 ShibRequireSession on - Require shib-attr eduPersonEntitlement urn:mace:example.edu:admin urn:mace:example.edu:superUser + Require shib-attr eduPersonEntitlement http://sp.example.org/wiki ErrorDocument 401 /app/accessError.html DirectoryIndex index.html - \ No newline at end of file + diff --git a/base/container_files/pgadmin/pgadmin4.db b/base/container_files/pgadmin/pgadmin4.db new file mode 100644 index 0000000..a7f8576 Binary files /dev/null and b/base/container_files/pgadmin/pgadmin4.db differ diff --git a/base/container_files/var-www-html/app/accessError.html b/base/container_files/var-www-html/app/accessError.html index 6643c5a..2e68d9e 100644 --- a/base/container_files/var-www-html/app/accessError.html +++ b/base/container_files/var-www-html/app/accessError.html @@ -16,7 +16,7 @@
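Review bot: `AddHandler cgi-script .php` together with the surviving `Options +ExecCGI` asks mod_cgi to execute every `.php` file as a CGI program, which needs a shebang line and an execute bit; the new index.php added in this commit appears to start with HTML, so the page can only work if a php-fpm or mod_php handler configured elsewhere (the Dockerfile's `mkdir -p /run/php-fpm/` suggests php-fpm) takes precedence for `.php`. If that is the case both directives are leftovers from the Python CGI setup and should be removed to avoid two handlers claiming the same extension; if it is not, the page will not render at all. The enclosing Directory blocks are stripped in this rendering, so the scope of the directives is not verifiable here.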

Authorization Failed

Based on the information provided to this application about you, you are -not authorized to access the resource because you are not an admin or superuser. +not authorized to access the resource because you are missing the proper entitlement.

diff --git a/base/container_files/var-www-html/app/index.php b/base/container_files/var-www-html/app/index.php new file mode 100644 index 0000000..89c09f5 --- /dev/null +++ b/base/container_files/var-www-html/app/index.php @@ -0,0 +1,31 @@ + + + + User Attributes + + + +

SP Logout

+ + + $value) { + if (preg_match('/^([a-z])|(Shib)|REMOTE_USER/', $key)) { + $headers[$key] = $value; + } +} + +ksort($headers); + +foreach ($headers as $header => $value) { + echo "$header: $value
"; +} +?> + +

* This list is a filtered list of environment variables containing the Shibboleth SP attributes.

+ +

Test access to the student wiki (requires eduPersonEntitlement value http://sp.example.org/wiki) + + diff --git a/base/container_files/var-www-html/app/index.py b/base/container_files/var-www-html/app/index.py deleted file mode 100644 index b451037..0000000 --- a/base/container_files/var-www-html/app/index.py +++ /dev/null @@ -1,18 +0,0 @@ -#!/usr/bin/env python3 -# -*- coding: UTF-8 -*-# enable debugging -import cgitb -import os - -cgitb.enable() - -print("Content-Type: text/html;charset=utf-8") -print("\n") -print("User Attributes") -print("
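Review bot: The `echo "$header: $value…";` line writes each environment value into the page unescaped, so any attribute released by the IdP (display name, mail, entitlement values) that contains `<` or `&` is rendered as markup; use `echo htmlspecialchars($header) . ': ' . htmlspecialchars($value) . '<br>';`. The filter `/^([a-z])|(Shib)|REMOTE_USER/` matches `Shib` and `REMOTE_USER` anywhere in the key rather than only at the start (so `REDIRECT_REMOTE_USER` passes too), which is looser than the `startswith('Shib')` / `== "REMOTE_USER"` test in the index.py this commit deletes; `/^([a-z]|Shib|REMOTE_USER$)/` restores the previous selection. The HTML markup and the `foreach` head of this file are stripped in this rendering, so the array being iterated is inferred, not verified.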

SP Logout

") - -for k, v in sorted(os.environ.items()): - if k == "REMOTE_USER" or k.startswith('Shib') or not k[0].isupper(): - print ("%s = %s
" % (k, v)) - -print("

* This list is a filtered list of environment variables containing the Shibboleth SP attributes.

") -print("") \ No newline at end of file diff --git a/base/container_files/var-www-html/app/admin/index.html b/base/container_files/var-www-html/app/wiki/index.html similarity index 100% rename from base/container_files/var-www-html/app/admin/index.html rename to base/container_files/var-www-html/app/wiki/index.html diff --git a/base/container_files/var-www-html/index.html b/base/container_files/var-www-html/index.html index f430eea..b4f3821 100644 --- a/base/container_files/var-www-html/index.html +++ b/base/container_files/var-www-html/index.html @@ -52,10 +52,10 @@

GTE jump page

Civilian: jsmith / password - Database manager - https://localhost:8443/phpmyadmin/ - Phpmyadmin Mysql database manager - root / <no password> + Database manager + https://localhost:8443/pgadmin4/browser/ + pgAdmin PostgreSQL database manager + postgres@localhost.localdomain / Example123 LDAP manager diff --git a/gte b/gte index 856e587..d0f9676 100755 --- a/gte +++ b/gte @@ -9,7 +9,7 @@ EXTRA_ARGS= show_help() { echo "$0 [--sql] [--ldap] [--fg|-it] [docker args ...] [container cmd ...]" - echo " --sql: Expose port 3306" + echo " --sql: Expose port 5432" echo " --ldap: Expose port 389" echo " --fg: Don't detach (i.e., don't run container with -d flag" echo " -h|--help: This help message" @@ -19,7 +19,7 @@ show_help() { for arg in $*; do case $arg in - --sql) EXTRA_ARGS="$EXTRA_ARGS -p 3306:3306"; shift;; + --sql) EXTRA_ARGS="$EXTRA_ARGS -p 5432:5432"; shift;; --ldap) EXTRA_ARGS="$EXTRA_ARGS -p 389:389"; shift;; --fg) is_foreground=1; shift;; -it) is_foreground=1; EXTRA_ARGS="$EXTRA_ARGS $1"; shift;;
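Review bot: `--sql) EXTRA_ARGS="$EXTRA_ARGS -p 5432:5432"; shift;;` publishes PostgreSQL on every host interface, and the credentials for that database are documented in the repository's index.html; if the flag is meant for local developer access, bind to loopback with `-p 127.0.0.1:5432:5432` (the neighbouring `--ldap` arm, untouched by this commit, has the same shape). The help text in the earlier hunk should then say so as well. The `case` sits inside `for arg in $*`, whose unquoted `$*` predates this change, and the loop continues past the end of this hunk.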