
Merge pull request #25 from docker/201911

updating master with latest from 201911 temple training
wgthom committed Jan 5, 2020
2 parents c6577f3 + 9314d1f commit f0ce67a1e6173b10e007d7387bb80af95bc6e77e
Showing with 26,992 additions and 568 deletions.
  1. +5 −1 .gitignore
  2. +34 −39 Jenkinsfile
  3. +53 −78 README.md
  4. +11 −6 base/Dockerfile
  5. +5 −0 base/container_files/conf/grouper-ui.properties
  6. +30 −0 base/container_files/conf/grouper.properties
  7. BIN base/container_files/shibboleth-idp/edit-webapp/images/Grouper_204px.png
  8. +6 −0 base/container_files/shibboleth-idp/messages/messages.properties
  9. +1 −1 base/container_files/tomcat/conf/Catalina/localhost/idp.xml
  10. +3 −0 base/manualBuild.sh
  11. +7 −0 buildVersion.sh
  12. +1 −1 common.bash
  13. +199 −0 docs/201/201.1.rst
  14. +128 −0 docs/201/201.2.rst
  15. +161 −0 docs/201/201.3.rst
  16. +123 −0 docs/201/201.4.rst
  17. +145 −0 docs/201/201.5.rst
  18. +10 −0 docs/201/examples/201-3-4.pspng-epa.grouper-loader.properties
  19. +66 −0 docs/201/examples/201-3-5.attribute-filter.xml
  20. +9 −0 docs/201/examples/201-4-4.pspng-epe.grouper-loader.properties
  21. +66 −0 docs/201/examples/201-4-5.attribute-filter.xml
  22. +18 −0 docs/201/index.rst
  23. +413 −0 docs/401/401.1.rst
  24. +279 −0 docs/401/401.2.rst
  25. +319 −0 docs/401/401.3.rst
  26. +26 −0 docs/401/401.4-example-solution.rst
  27. +134 −0 docs/401/401.4.rst
  28. +152 −0 docs/401/appendix.rst
  29. +90 −0 docs/401/examples/401.1.3-pspng-config.properties
  30. +100 −0 docs/401/examples/401.2.2-pspng-config.properties
  31. +181 −0 docs/401/examples/401.2.3-general-authn.xml
  32. +88 −0 docs/401/examples/401.2.3-mfa-authn-config.xml
  33. +15 −0 docs/401/examples/401.2.4-athletics-dept.txt
  34. +34 −0 docs/401/examples/401.2.5-banner-netids.txt
  35. +118 −0 docs/401/examples/401.3.2-grouper-loader.properties
  36. +112 −0 docs/401/examples/401.3.2-grouper.client.properties
  37. +21 −0 docs/401/index.rst
  38. +19 −0 docs/Makefile
  39. +182 −0 docs/conf.py
  40. BIN docs/figures/201-add-ref-students.png
  41. BIN docs/figures/201-anna-smith-trace-priv.png
  42. BIN docs/figures/201-anna-smith-trace.png
  43. BIN docs/figures/201-asmith989-attest.png
  44. BIN docs/figures/201-create-students-group.png
  45. BIN docs/figures/201-ePA-attribute-release.png
  46. BIN docs/figures/201-ePA-member-vis.png
  47. BIN docs/figures/201-ePA-member.png
  48. BIN docs/figures/201-ePA-policy-groups.png
  49. BIN docs/figures/201-ePA-pspng-run.png
  50. BIN docs/figures/201-ePA-pspng.png
  51. BIN docs/figures/201-ePE-value.png
  52. BIN docs/figures/201-eduPersonAffiliation-app-template.png
  53. BIN docs/figures/201-fin-report-attest-audit-log.png
  54. BIN docs/figures/201-fin-report-reader.png
  55. BIN docs/figures/201-fin-report-write-audit.png
  56. BIN docs/figures/201-fin-report-writer-attestation.png
  57. BIN docs/figures/201-fin-report-writer.png
  58. BIN docs/figures/201-jsmith-trace.png
  59. BIN docs/figures/201-new-vpn-app.png
  60. BIN docs/figures/201-new-vpn-policy.png
  61. BIN docs/figures/201-priv-grant-fin-mgr.png
  62. BIN docs/figures/201-pspng-entitlements-run-job.png
  63. BIN docs/figures/201-review-priv-fin-mgr.png
  64. BIN docs/figures/201-students-change-of-status.png
  65. BIN docs/figures/201-students-direct-membership.png
  66. BIN docs/figures/201-students-end-date.png
  67. BIN docs/figures/201-students-indirect-membership.png
  68. BIN docs/figures/201-students-visualization.png
  69. BIN docs/figures/201-vpn-access.png
  70. BIN docs/figures/201-vpn-access2.png
  71. BIN docs/figures/201-vpn-allow-audit.png
  72. BIN docs/figures/201-vpn-allow-privileges.png
  73. BIN docs/figures/201-wiki-app.png
  74. BIN docs/figures/201-wiki-policy.png
  75. BIN docs/figures/201-wiki-user-pspng.png
  76. BIN docs/figures/401-banderson-mfa-enabled.png
  77. BIN docs/figures/401-board-effect-ann-admin-priv.png
  78. BIN docs/figures/401-board-effect-ann-privs.png
  79. BIN docs/figures/401-board-effect-ann-updated-privs.png
  80. BIN docs/figures/401-board-effect-app.png
  81. BIN docs/figures/401-board-effect-final-privs.png
  82. BIN docs/figures/401-board-effect-finance-committee.png
  83. BIN docs/figures/401-board-effect-finance-privs-admin.png
  84. BIN docs/figures/401-board-effect-my-groups.png
  85. BIN docs/figures/401-board-effect-rabbitmq.png
  86. BIN docs/figures/401-board-effect-ref-board-privs.png
  87. BIN docs/figures/401-board-effect-trace-ann-updaters.png
  88. BIN docs/figures/401-board-effect-workroom-helpers.png
  89. BIN docs/figures/401-board-effect-workroom.png
  90. BIN docs/figures/401-bsmith458-trace-membership.png
  91. BIN docs/figures/401-bsmith458-trace.png
  92. BIN docs/figures/401-ldap-loader-diag.png
  93. BIN docs/figures/401-ldap-loader-logs.png
  94. BIN docs/figures/401-legacy-ldap-vpn.png
  95. BIN docs/figures/401-lms-solution.png
  96. BIN docs/figures/401-mfa-amber-join.png
  97. BIN docs/figures/401-mfa-amber-leave.png
  98. BIN docs/figures/401-mfa-athletics.png
  99. BIN docs/figures/401-mfa-banner-2days-review.png
  100. BIN docs/figures/401-mfa-banner-2days.png
  101. BIN docs/figures/401-mfa-banner-minus-faculty.png
  102. BIN docs/figures/401-mfa-clean-policy.png
  103. BIN docs/figures/401-mfa-enabled.png
  104. BIN docs/figures/401-mfa-opt-in-privs.png
  105. BIN docs/figures/401-mfa-opt-in-security.png
  106. BIN docs/figures/401-mfa-policy.png
  107. BIN docs/figures/401-other-cohorts.png
  108. BIN docs/figures/401-vpn-acls-visual.png
  109. BIN docs/figures/401-vpn-add-jsmith.png
  110. BIN docs/figures/401-vpn-ajohnson409-privs.png
  111. BIN docs/figures/401-vpn-attest.png
  112. BIN docs/figures/401-vpn-audit-list.png
  113. BIN docs/figures/401-vpn-authorized-ldap.png
  114. BIN docs/figures/401-vpn-blee172-pit-query.png
  115. BIN docs/figures/401-vpn-legacy-members.png
  116. BIN docs/figures/401-vpn-misc-attest.png
  117. BIN docs/figures/401-vpn-policy.png
  118. BIN docs/figures/401-vpn-provision-to.png
  119. BIN docs/figures/401-vpn-trace-blee172.png
  120. +25 −0 docs/index.rst
  121. +35 −0 docs/make.bat
  122. +21 −3 ex101/ex101.1.1/Dockerfile
  123. +93 −0 ex101/ex101.1.1/container_files/grouper-loader.properties
  124. +249 −0 ex101/ex101.1.1/container_files/seed-data/bootstrap.gsh
  125. +3,741 −0 ex101/ex101.1.1/container_files/seed-data/sisData.sql
  126. +18,328 −0 ex101/ex101.1.1/container_files/seed-data/users.ldif
  127. +76 −0 ex101/ex101.1.1/container_files/subject.properties
  128. +3 −1 ex101/manualBuild.sh
  129. +1 −0 ex101/run.sh
  130. +3 −2 ex201/ex201.1.1/Dockerfile
  131. +1 −1 ex201/ex201.1.1/container_files/grouper-loader.properties
  132. +233 −0 ex201/ex201.1.1/container_files/seed-data/bootstrap.gsh
  133. +0 −1 ex201/ex201.1.1/container_files/seed-data/sisData.sql
  134. +3 −2 ex201/ex201.1.end/Dockerfile
  135. +13 −105 ex201/ex201.1.end/container_files/seed-data/bootstrap.gsh
  136. +3 −2 ex201/ex201.2.1/Dockerfile
  137. +2 −8 ex201/ex201.2.1/container_files/seed-data/bootstrap.gsh
  138. +3 −2 ex201/ex201.2.end/Dockerfile
  139. +26 −23 ex201/ex201.2.end/container_files/seed-data/bootstrap.gsh
  140. +3 −2 ex201/ex201.3.1/Dockerfile
  141. +2 −0 ex201/ex201.3.1/container_files/seed-data/bootstrap.gsh
  142. +3 −2 ex201/ex201.3.end/Dockerfile
  143. +19 −14 ex201/ex201.3.end/container_files/seed-data/bootstrap.gsh
  144. +3 −2 ex201/ex201.4.1/Dockerfile
  145. +2 −1 ex201/ex201.4.1/container_files/seed-data/bootstrap.gsh
  146. +3 −2 ex201/ex201.4.end/Dockerfile
  147. +11 −11 ex201/ex201.4.end/container_files/seed-data/bootstrap.gsh
  148. +3 −2 ex201/ex201.5.1/Dockerfile
  149. +2 −0 ex201/ex201.5.1/container_files/seed-data/bootstrap.gsh
  150. +3 −2 ex201/ex201.5.end/Dockerfile
  151. +28 −19 ex201/ex201.5.end/container_files/seed-data/bootstrap.gsh
  152. +12 −10 ex201/manualBuild.sh
  153. +17 −3 ex211/ex211.1.1/Dockerfile
  154. +3 −0 ex211/ex211.1.1/container_files/seed-data/bootstrap.gsh
  155. 0 ex211/ex211.1.1/container_files/seed-data/sisData.sql
  156. 0 ex211/ex211.1.1/container_files/seed-data/users.ldif
  157. +3 −1 ex211/manualBuild.sh
  158. +17 −3 ex301/ex301.4.1/Dockerfile
  159. +3 −0 ex301/ex301.4.1/container_files/seed-data/bootstrap.gsh
  160. 0 ex301/ex301.4.1/container_files/seed-data/sisData.sql
  161. 0 ex301/ex301.4.1/container_files/seed-data/users.ldif
  162. +3 −1 ex301/manualBuild.sh
  163. +1 −0 ex401/class-files/CisoQuestionalUsers.txt
  164. +3 −2 ex401/ex401.1.1/Dockerfile
  165. +1 −1 ex401/ex401.1.1/container_files/grouper-loader.properties
  166. +12 −2 ex401/ex401.1.1/container_files/seed-data/bootstrap.gsh
  167. +3 −2 ex401/ex401.1.2/Dockerfile
  168. +3 −2 ex401/ex401.1.3/Dockerfile
  169. +13 −9 ex401/ex401.1.3/container_files/seed-data/bootstrap.gsh
  170. +3 −2 ex401/ex401.1.4/Dockerfile
  171. +3 −2 ex401/ex401.1.5/Dockerfile
  172. +3 −2 ex401/ex401.1.6/Dockerfile
  173. +3 −2 ex401/ex401.1.end/Dockerfile
  174. +147 −19 ex401/ex401.1.end/container_files/seed-data/bootstrap.gsh
  175. +3 −2 ex401/ex401.2.1/Dockerfile
  176. +3 −0 ex401/ex401.2.1/container_files/seed-data/bootstrap.gsh
  177. +3 −2 ex401/ex401.2.2/Dockerfile
  178. +3 −2 ex401/ex401.2.3/Dockerfile
  179. +3 −2 ex401/ex401.2.4/Dockerfile
  180. +3 −2 ex401/ex401.2.5/Dockerfile
  181. +3 −2 ex401/ex401.2.6/Dockerfile
  182. +3 −2 ex401/ex401.2.7/Dockerfile
  183. +3 −2 ex401/ex401.2.8/Dockerfile
  184. +3 −2 ex401/ex401.2.9/Dockerfile
  185. +3 −2 ex401/ex401.2.end/Dockerfile
  186. +153 −15 ex401/ex401.2.end/container_files/seed-data/bootstrap.gsh
  187. +3 −2 ex401/ex401.3.1/Dockerfile
  188. +2 −0 ex401/ex401.3.1/container_files/seed-data/bootstrap.gsh
  189. +3 −2 ex401/ex401.3.2/Dockerfile
  190. +3 −2 ex401/ex401.3.3/Dockerfile
  191. +3 −2 ex401/ex401.3.4/Dockerfile
  192. +3 −2 ex401/ex401.3.5/Dockerfile
  193. +3 −2 ex401/ex401.3.6/Dockerfile
  194. +3 −2 ex401/ex401.3.7/Dockerfile
  195. +3 −2 ex401/ex401.3.end/Dockerfile
  196. +84 −16 ex401/ex401.3.end/container_files/seed-data/bootstrap.gsh
  197. +3 −2 ex401/ex401.4.1/Dockerfile
  198. +2 −1 ex401/ex401.4.1/container_files/seed-data/bootstrap.gsh
  199. +3 −2 ex401/ex401.4.end/Dockerfile
  200. +79 −69 ex401/ex401.4.end/container_files/seed-data/bootstrap.gsh
  201. +10 −27 ex401/manualBuild.sh
  202. +3 −2 full-demo/Dockerfile
  203. +13 −0 gte
  204. +9 −0 gte-gsh
  205. +9 −0 gte-shell
  206. +4 −2 manualBuild.sh
  207. +3 −0 start-rabbitmq.sh
@@ -1,3 +1,7 @@
localManualBuild.sh
runContainer.sh
tmp
tmp
.vscode/spellright.dict
.vscode/settings.json
.DS_Store
_build
@@ -9,15 +9,15 @@


/** Each class has a set of modules with a set of steps.
* For examples, ex101.1.1, ex101.1.2, ex101.1.3, ex101.2.1, ex101.2.2, etc.
* Each step is an image.
* The exceriseSets has the class name and an array of the number of steps for module.
* For examples, 101.1.1, 101.1.2, 101.1.3, 101.2.1, 101.2.2, etc.
* Each step is an associated docker image.
* exceriseSets has the class name and an array of the number of steps for module.
**/
exceriseSets = [
// 'ex101' : [3, 2],
'ex201' : [1, 1, 1, 1, 1],
// 'ex301' : [2, 2, 5, 6], manually built with a single image
'ex401' : [6, 9, 7, 1]
// '101' : [3, 2],
'201' : [1, 1, 1, 1, 1],
// '301' : [2, 2, 5, 6], manually built with a single image
'401' : [1, 1, 1, 1]
]

pipeline {
@@ -33,22 +33,21 @@ pipeline {
script {
maintainer = maintain()
imagename = imagename()
/* if(env.BRANCH_NAME == "master") {
if(env.BRANCH_NAME == "master") {
tag = "latest"
} else {
tag = env.BRANCH_NAME
}
*/

if(!imagename){
echo "You must define an imagename in common.bash"
currentBuild.result = 'FAILURE'
}
sh 'mkdir -p bin'
sh 'mkdir -p tmp'
sh 'mkdir -p tmp && mkdir -p bin'
dir('tmp'){
git([ url: "https://github.internet2.edu/docker/util.git", credentialsId: "jenkins-github-access-token" ])
sh 'ls'
sh 'mv bin/* ../bin/.'
sh 'rm -rf ../bin/*'
sh 'mv ./bin/* ../bin/.'
}
}
}
@@ -71,8 +70,8 @@ pipeline {
steps {
script {
docker.withRegistry('https://registry.hub.docker.com/', "dockerhub-${maintainer}") {
def baseImg = docker.build("${maintainer}/${imagename}:base", "--no-cache --pull base")
baseImg.push("base")
def baseImg = docker.build("${maintainer}/${imagename}:base-${tag}", "--no-cache --pull base")
baseImg.push("base-${tag}")
}
}
}
@@ -84,37 +83,33 @@ pipeline {
def tagSet = generateTagSet()
def builds = build(tagSet)

if(env.BRANCH_NAME == "master") {
if(env.BRANCH_NAME == "201911") {
//builds.each{ k, v -> echo ("push ${k}") } //for local testing
builds.each{ k, v -> v.push(k) }

def build = docker.build("${maintainer}/${imagename}:101.1.1-${tag}", "--no-cache --pull --build-arg VERSION_TAG=${tag} ex101/ex101.1.1")
build.push("101.1.1-${tag}")

} else {
echo 'skipping push, since the SCM branch is not master'
}
}
}
}
}
stage('Build Oddballs') {
steps {
script {
docker.withRegistry('https://registry.hub.docker.com/', "dockerhub-${maintainer}") {
def baseImg = docker.build("${maintainer}/${imagename}:ex101.1.1", "--no-cache --pull ex101/ex101.1.1")
baseImg.push("ex101.1.1")
build = docker.build("${maintainer}/${imagename}:211.1.1-${tag}", "--no-cache --pull --build-arg VERSION_TAG=${tag} ex211/ex211.1.1")
build.push("211.1.1-${tag}")

baseImg = docker.build("${maintainer}/${imagename}:ex211.1.1", "--no-cache --pull ex211/ex211.1.1")
baseImg.push("ex211.1.1")
build = docker.build("${maintainer}/${imagename}:301.4.1-${tag}", "--no-cache --pull --build-arg VERSION_TAG=${tag} ex301/ex301.4.1")
build.push("301.4.1-${tag}")

build = docker.build("${maintainer}/${imagename}:full_demo-${tag}", "--no-cache --pull --build-arg VERSION_TAG=${tag} full-demo")
build.push("full_demo-${tag}")

baseImg = docker.build("${maintainer}/${imagename}:ex301.4.1", "--no-cache --pull ex301/ex301.4.1")
baseImg.push("ex301.4.1")
} else {
echo 'not building images, since the SCM branch is not 201911'
}
}
}
}
}
stage('Notify') {
steps{
echo "$maintainer"
slackSend color: 'good', message: "${maintainer}/${imagename} set pushed to DockerHub"
slackSend color: 'good', message: "${maintainer}/${imagename} version ${tag} pushed to DockerHub"
}
}
}
@@ -124,7 +119,7 @@ pipeline {
}
failure {
// slackSend color: 'good', message: "Build failed"
handleError("BUILD ERROR: There was a problem building ${maintainer}/${imagename}:${tag}.")
handleError("BUILD ERROR: There was a problem building ${maintainer}/${imagename} version ${tag}.")
}
}
}
@@ -159,10 +154,10 @@ def generateTagSet() {
def build(tagSet) {
def builds = [:]

for (String tag : tagSet) {
def baseImg = docker.build("${maintainer}/${imagename}:${tag}", "--no-cache ${tag.tokenize('.')[0]}/${tag}")
echo "built ${tag}; adding to the push queue"
builds.put(tag, baseImg);
for (String tags : tagSet) {
def baseImg = docker.build("${maintainer}/${imagename}:${tags}-${tag}", "--no-cache --build-arg VERSION_TAG=${tag} ex${tags.tokenize('.')[0]}/ex${tags}")
echo "built ${tags}-${tag}; adding to the push queue"
builds.put("${tags}-${tag}", baseImg);
}

builds
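Review bot: `tag` comes from `env.BRANCH_NAME` and is interpolated unquoted into every `docker.build` argument string: `--build-arg VERSION_TAG=${tag}` in the push block and in `build(tagSet)`, and the `base-${tag}` image name. The Docker Pipeline step passes that argument string to a shell, so a branch name containing shell metacharacters would be interpreted on the build agent, inside `docker.withRegistry` where the Docker Hub credentials are in use. Whether that is reachable depends on who may create branches in this repository, which the page does not show. Validating the value once, right after it is assigned, for example `if (!(tag ==~ /[A-Za-z0-9_.-]+/)) { error "unsupported branch name for image tag: ${tag}" }`, closes this and also guarantees a legal Docker tag. The `pipeline` block and `build(tagSet)` both continue outside the hunks shown.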
131 README.md
@@ -1,97 +1,72 @@
# grouper_training
A set of Grouper images that are used during I2/TIER training.
# Grouper Training Environment

# Images
The Grouper Training Environment (gte) is a set of docker images that contain
all the software components, configuration, and setup necessary to complete the
InCommon Grouper Training course. Each docker image tag coincides with a
particular course, exercise, step, and the overall gte version. For example,
the gte image tag for Grouper Basics 101 is 101.1.1-201906. The docker command
to run the image for the 101 course is:

## Full Demo
``` bash
docker run -d -p 80:80 -p 389:389 -p 8443:443 -p 3306:3306 \
--name 101.1.1 tier/gte:101.1.1-201906
```
docker run -d -p 389:389 -p 8443:443 -p 3306:3306 \
--name grouper-demo tier/grouper-training-env:full_demo

This will start Grouper, a Shibboleth IdP, OpenLDAP, mySQL, and other components. It will take a little while for the container to be ready. You can watch the logs as the various components are coming up with this command:

``` bash
docker logs -f 101.1.1
```

Browse to `https://localhost/grouper`
Once the container is ready, browse to <https://localhost:8443/grouper> to access the Grouper UI and log in with one of the following:

## Exercises
- Grouper Administrator
- username: `banderson`, password: `password`
- Normal User
- username: `jsmith`, password: `password`

```
The container has a few other applications running. phpMyAdmin provides an admin interface to the Grouper mySQL database. phpLDAPadmin provides an admin interface to OpenLDAP. Finally, there is a sample application that displays subject attributes for the user that is logged in.

- phpMyAdmin <https://localhost:8443/phpmyadmin/>
- username: `root`, password: (blank)
- phpLDAPadmin <https://localhost:8443/phpldapadmin/>
- username: `cn=root,dc=internet2,dc=edu`, password: `password`
- Shibboleth SP subject attributes <https://localhost:8443/app>

All of the gte image tags are published to <https://hub.docker.com/r/tier/gte>. To use a particular image tag, run:

``` bash
docker run -d -p 80:80 -p 389:389 -p 8443:443 -p 3306:3306 \
--name gte tier/grouper-training-env:exXXX
--name {coures}.{exercise}.{step} tier/gte:{VERSION_TAG}
```

Current tags:
- ex101.1.1
- ex201.1.1
- ex201.1.end
- ex201.2.1
- ex201.2.end
- ex201.3.1
- ex201.3.end
- ex201.4.1
- ex201.4.end
- ex201.5.1
- ex201.5.end
- ex211.1.1
- ex301.4.1
- ex401.1.1
- ex401.1.2
- ex401.1.3
- ex401.1.4
- ex401.1.5
- ex401.1.6
- ex401.1.end
- ex401.2.1
- ex401.2.2
- ex401.2.3
- ex401.2.4
- ex401.2.5
- ex401.2.6
- ex401.2.7
- ex401.2.8
- ex401.2.9
- ex401.2.end
- ex401.3.1
- ex401.3.2
- ex401.3.3
- ex401.3.4
- ex401.3.5
- ex401.3.6
- ex401.3.7
- ex401.3.end
- ex401.4.1
- ex401.4.end

Browse to `https://localhost:8443/grouper` for Grouper. There is also an app that dumps the SP user attributes at `https://localhost:8443/app`.

# Users
- `banderson`/`password`: Grouper Administrator
- `jsmith`/`password`: standard user
- additional users can be found in <https://github.internet2.edu/docker/grouper_training/blob/master/base/container_files/seed-data/users.ldif#L56>

# Help apps

- phpMyAdmin - https://localhost:8443/phpmyadmin/ - username: `root`, password: (blank)
- phpLDAPadmin - https://localhost:8443/phpldapadmin/ - username: `cn=root,dc=internet2,dc=edu`, password: `password`


# Course specific notes

## Notes for the exercises in 401

Before connecting to your SSH server, be sure to port forward a local port to the server's port `15672` as well.

These exercises require Rabbit MQ to be started. Before starting the ex401 Grouper container, run:
Where {VERSION_TAG} takes the form of {course}.{exercise}.{step}-{version}. For example:

``` bash
docker run -d -p 80:80 -p 389:389 -p 8443:443 -p 3306:3306 \
--name 101.1.1 tier/gte:101.1.1-201906
```
docker run -d -p 15672:15672 --env RABBITMQ_NODENAME=docker-rabbit --hostname rabbitmq --name=rabbitmq rabbitmq:management

More information about Grouper Training can be found on the Internet2 wiki:
<https://spaces.at.internet2.edu/display/Grouper/Grouper+Training+Environment>.

## RabbitMQ for 401 exercises

The 401 exercises require RabbitMQ. Before starting the 401 docker images,
start RabbitMQ and a queue named `grouper`.

``` bash
docker run -d -p 15672:15672 --env RABBITMQ_NODENAME=docker-rabbit \
--hostname rabbitmq --name=rabbitmq rabbitmq:management
```

Now browse to http://localhost:15672/ and login with `guest`/`guest`, and create a new queue named `grouper`.
Then browse to <http://localhost:15672/> and login with `guest`/`guest`, and create a new queue named `grouper`.

Now start the ex401 Grouper with this slightly modified command:
Finally, start the 401 series gte with this slightly modified command:

```bash
``` bash
docker run -d -p 389:389 -p 8443:443 -p 3306:3306 \
--link rabbitmq:rabbitmq --name gte tier/grouper-training-env:exXXX
--link rabbitmq:rabbitmq --name {coures}.{exercise}.{step} tier/gte:{VERSION_TAG}
```
@@ -1,6 +1,10 @@
FROM unicon/shibboleth-idp:3.3.3 as idp
FROM tier/shib-idp:3.4.3_20190201 as idp

FROM tier/grouper:2.4.0-a2-u0-w0-p0-test
# Grouper version for the entire GTE
FROM tier/grouper:2.4.0-a80-u51-w10-p11-20191031-rc1

# Disable docker HEALTHCHECK inherited from tier/shib-sp
HEALTHCHECK NONE

LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
Vendor="TIER" \
@@ -9,15 +13,15 @@ LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
ImageOS=centos7

ENV ENV=training \
USERTOKEN=3.2.0_base
USERTOKEN=gte-base

RUN yum install -y epel-release \
&& yum install -y emacs mariadb mariadb-server nano openldap openldap-clients openldap-servers phpMyAdmin phpldapadmin \
&& yum clean all

COPY container_files/seed-data/ /seed-data/

RUN mysql_install_db \
RUN mysql_install_db --force \
&& chown -R mysql:mysql /var/lib/mysql/ \
&& sed -i 's/^\(bind-address\s.*\)/# \1/' /etc/my.cnf \
&& sed -i 's/^\(log_error\s.*\)/# \1/' /etc/my.cnf \
@@ -79,8 +83,9 @@ COPY container_files/var-www-html/ /var/www/html/
RUN cp /opt/tier-support/grouper.xml /opt/tier-support/grouper-ws.xml /opt/tomcat/conf/Catalina/localhost/ \
&& chown -R tomcat /opt/shibboleth-idp/ \
&& chmod -R 700 /opt/shibboleth-idp/ \
&& chmod +rx /var/www/html/app/index.py
&& chmod +rx /var/www/html/app/index.py \
&& /opt/shibboleth-idp/bin/build.sh

EXPOSE 389 3306 4443

CMD ["grouper"]
CMD ["grouper"]
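Review bot: Both new `FROM` lines reference mutable tags, `tier/shib-idp:3.4.3_20190201` and `tier/grouper:2.4.0-a80-u51-w10-p11-20191031-rc1` (a release candidate), so the content behind either name can change between builds, and the Jenkinsfile builds with `--pull`. Pinning each by digest, e.g. `FROM tier/grouper:2.4.0-a80-u51-w10-p11-20191031-rc1@sha256:<digest-of-reviewed-image>`, makes the training images reproducible and lets an upstream change show up in review. The comment on `HEALTHCHECK NONE` says the check is inherited from `tier/shib-sp`, which is not one of the stages visible in this hunk. It would help to name the parent image that actually carries it and to note that the container no longer reports health.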
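--- a/base/container_files/conf/grouper-ui.properties
+++ b/base/container_files/conf/grouper-ui.properties
@@ -0,0 +1,5 @@
+# The configuration editor in grouper is very sensitive. If you can only allow certain source IP addresses
+# it will add another layer of security. Otherwise allow 0.0.0.0/0 and all will be allowed
+# If this configuration item is not filled in, then none are allowed
+# you can configure multiple CIDR addresses or networks comma separated, e.g. 1.2.3.4/32, 2.3.4.5/24
+grouperUi.configurationEditor.sourceIpAddresses = 0.0.0.0/0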
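Review bot: `grouperUi.configurationEditor.sourceIpAddresses = 0.0.0.0/0` opens the configuration editor to every source address, although the comment directly above it calls the editor very sensitive. The README in this same commit publishes the UI port on the host with `-p 8443:443` and documents `banderson`/`password` as the Grouper administrator, so on a shared network the editor is reachable by anyone who knows the training defaults. Consider narrowing the value to the network the class actually uses. If it must stay open, add a line such as `# GTE training default: open to all sources; do not copy this value into a deployed Grouper`.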
@@ -23,3 +23,33 @@ groups.wheel.group = etc:sysadmingroup
# Used to allow Include Exclude groups
grouperIncludeExclude.use = true
grouperIncludeExclude.requireGroups.use = true

##################################
## Lockout groups. Could be used for other things, but used for policy group templates at least
## if there is no allowed group, then anyone could use it
##################################

# group name of a lockout group
# {valueType: "group", regex: "^grouper\\.lockoutGroup\\.name\\.\\d+$"}
grouper.lockoutGroup.name.0 = ref:iam:global_deny

# allowed to use this lockout group. If not configured, anyone could use
# {valueType: "group", regex: "^grouper\\.lockoutGroup\\.allowedToUse\\.\\d+$"}
# grouper.lockoutGroup.allowedToUse.0 = ref:lockoutCanUse

##################################
## Require groups. Could be used for other things, but used for policy group templates at least
## if there is no allowed group, then anyone could use it
##################################

# group name of a require group
# {valueType: "group", regex: "^grouper\\.requireGroup\\.name\\.\\d+$"}
grouper.requireGroup.name.0 = ref:iam:active

# group name of a require group
# {valueType: "group", regex: "^grouper\\.requireGroup\\.name\\.\\d+$"}
grouper.requireGroup.name.0 = ref:employee:fac_staff

# allowed to use this require group. If not configured, anyone could use
# {valueType: "group", regex: "^grouper\\.lockoutGroup\\.requireGroup\\.\\d+$"}
# grouper.requireGroup.allowedToUse.0 = ref:activeCanUse
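Review bot: `grouper.requireGroup.name.0` is assigned twice, first to `ref:iam:active` and then to `ref:employee:fac_staff`; with standard Java properties loading the later assignment replaces the earlier one, so only one require group would be registered. The second entry should presumably use the next index, `grouper.requireGroup.name.1 = ref:employee:fac_staff`. Both `allowedToUse` lines are left commented out, which by the file's own comments means anyone can use the lockout and require groups; a comment saying this is intended for the training image would help. The regex in the last metadata comment reads `grouper\\.lockoutGroup\\.requireGroup`, which does not match the `grouper.requireGroup.allowedToUse` key beneath it.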
Binary file not shown.
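--- a/base/container_files/shibboleth-idp/messages/messages.properties
+++ b/base/container_files/shibboleth-idp/messages/messages.properties
@@ -0,0 +1,6 @@
+# You can define message properties here to override messages defined in
+# system/messages/ or to add your own messages.
+idp.title = InCommon Trusted Access Platform - Grouper Training Environment
+idp.logo = /images/Grouper_204px.png
+idp.logo.alt-text = Grouper
+idp.footer = InCommon Trusted Access Platform - Grouper Training Environment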
@@ -1,4 +1,4 @@
<Context docBase="/opt/shibboleth-idp/webapp"
<Context docBase="/opt/shibboleth-idp/war/idp.war"
privileged="true"
antiResourceLocking="false"
path="/idp">
