Integrate latest changes to midPoint container

These changes are: Zulu JVM, logging fixes, TIER Beacon. The crond is now running in foreground to avoid "can't lock /var/run/crond.pid" messages.
docker · Sep 21, 2018 · 949d264 · 949d264
1 parent 96fc61d
commit 949d264
Show file tree

Hide file tree

Showing 11 changed files with 161 additions and 23 deletions.
diff --git a/midpoint/.env b/midpoint/.env
@@ -12,3 +12,4 @@ KEYSTORE_PASSWORD_FILE=/run/secrets/m_keystore_password.txt
 MEM=2048m
 LOGOUT_URL=https://localhost:8443/Shibboleth.sso/Logout
 SSO_HEADER=uid
+TIER_BEACON_ENABLED=true
diff --git a/midpoint/midpoint-server/Dockerfile b/midpoint/midpoint-server/Dockerfile
@@ -6,19 +6,38 @@ FROM tier/shibboleth_sp
 
 MAINTAINER info@evolveum.com
 
-RUN yum -y install java-1.8.0-openjdk
-
-RUN rm /etc/shibboleth/sp-key.pem /etc/shibboleth/sp-cert.pem
-
+RUN rpm --import http://repos.azulsystems.com/RPM-GPG-KEY-azulsystems
+RUN curl -o /etc/yum.repos.d/zulu.repo http://repos.azulsystems.com/rhel/zulu.repo
+RUN yum -y update
+RUN yum -y install \
+ 	zulu-8 \
+        cron \
+        supervisor \
+	libcurl \
+	&& yum clean -y all
+
+RUN rm /etc/shibboleth/sp-key.pem /etc/shibboleth/sp-cert.pem \
+    && cd /etc/httpd/conf.d/ \
+    && rm -f autoindex.conf ssl.conf userdir.conf welcome.conf
+
+COPY container_files/supervisor/supervisord.conf /etc/supervisor/supervisord.conf
 COPY container_files/httpd/conf/* /etc/httpd/conf.d/
 COPY container_files/shibboleth/* /etc/shibboleth/
 COPY container_files/usr-local-bin/* /usr/local/bin/
+COPY container_files/opt-tier/* /opt/tier/
+
+RUN chmod 755 /opt/tier/setenv.sh \
+    && chmod 755 /usr/local/bin/send-tier-beacon.sh \
+    && chmod 755 /usr/local/bin/setup-cron.sh \
+    && chmod 755 /usr/local/bin/start-midpoint.sh \
+    && chmod 755 /usr/local/bin/start-httpd-shib.sh \
+    && chmod 755 /usr/local/bin/start-all.sh
 
 RUN cp /dev/null /etc/httpd/conf.d/ssl.conf \
     && sed -i 's/LogFormat "/LogFormat "httpd;access_log;%{ENV}e;%{USERTOKEN}e;/g' /etc/httpd/conf/httpd.conf \
     && echo -e "\nErrorLogFormat \"httpd;error_log;%{ENV}e;%{USERTOKEN}e;[%{u}t] [%-m:%l] [pid %P:tid %T] %7F: %E: [client\ %a] %M% ,\ referer\ %{Referer}i\"" >> /etc/httpd/conf/httpd.conf \
-    && sed -i 's/CustomLog "logs\/access_log"/CustomLog "\/tmp\/logpipe"/g' /etc/httpd/conf/httpd.conf \
-    && sed -i 's/ErrorLog "logs\/error_log"/ErrorLog "\/tmp\/logpipe"/g' /etc/httpd/conf/httpd.conf \
+    && sed -i 's/CustomLog "logs\/access_log"/CustomLog "\/tmp\/loghttpd"/g' /etc/httpd/conf/httpd.conf \
+    && sed -i 's/ErrorLog "logs\/error_log"/ErrorLog "\/tmp\/loghttpd"/g' /etc/httpd/conf/httpd.conf \
     && echo -e "\nPassEnv ENV" >> /etc/httpd/conf/httpd.conf \
     && echo -e "\nPassEnv USERTOKEN" >> /etc/httpd/conf/httpd.conf
 
@@ -67,4 +86,13 @@ ENV LOGOUT_URL https://localhost:8443/Shibboleth.sso/Logout
 ENV KEYSTORE_PASSWORD_FILE /run/secrets/m_keystore_password.txt
 ENV MEM 2048m
 
-ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
+ENV TIER_RELEASE=test-non-release
+ENV TIER_MAINTAINER=tier
+ENV TIER_BEACON_ENABLED=true
+
+RUN pwd
+
+# requires MP_VERSION and TIER_xyz variables so we have to execute it here
+RUN /opt/tier/setenv.sh
+
+CMD ["/usr/local/bin/start-all.sh"]
diff --git a/midpoint/midpoint-server/container_files/opt-tier/setenv.sh b/midpoint/midpoint-server/container_files/opt-tier/setenv.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+printenv | sed 's/^\(.*\)$/\1/g' | grep -E "^MP_VERSION" > /opt/tier/env.bash
+printenv | sed 's/^\(.*\)$/\1/g' | grep -E "^TIER_RELEASE" >> /opt/tier/env.bash
+printenv | sed 's/^\(.*\)$/\1/g' | grep -E "^TIER_MAINTAINER" >> /opt/tier/env.bash
+
+echo "/opt/tier/env.bash is:"
+cat /opt/tier/env.bash
diff --git a/midpoint/midpoint-server/container_files/shibboleth/native.logger b/midpoint/midpoint-server/container_files/shibboleth/native.logger
@@ -28,12 +28,12 @@ log4j.category.XMLTooling.libcurl=INFO
 # define the appender
 
 log4j.appender.native_log=org.apache.log4j.FileAppender
-log4j.appender.native_log.fileName=/tmp/logpipe
+log4j.appender.native_log.fileName=/tmp/logshib
 log4j.appender.native_log.layout=org.apache.log4j.PatternLayout
 log4j.appender.native_log.layout.ConversionPattern=shibd;native.log;${ENV};${USERTOKEN};%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
 
 log4j.appender.warn_log=org.apache.log4j.FileAppender
-log4j.appender.warn_log.fileName=/tmp/logpipe
+log4j.appender.warn_log.fileName=/tmp/logshib
 log4j.appender.warn_log.layout=org.apache.log4j.PatternLayout
 log4j.appender.warn_log.layout.ConversionPattern=shibd;native_warn.log;${ENV};${USERTOKEN};%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
 log4j.appender.warn_log.threshold=WARN
diff --git a/midpoint/midpoint-server/container_files/shibboleth/shibd.logger b/midpoint/midpoint-server/container_files/shibboleth/shibd.logger
@@ -42,18 +42,18 @@ log4j.additivity.Shibboleth-TRANSACTION=false
 # define the appenders
 
 log4j.appender.shibd_log=org.apache.log4j.FileAppender
-log4j.appender.shibd_log.fileName=/tmp/logpipe
+log4j.appender.shibd_log.fileName=/tmp/logshib
 log4j.appender.shibd_log.maxFileSize=0
 log4j.appender.shibd_log.layout=org.apache.log4j.PatternLayout
 log4j.appender.shibd_log.layout.ConversionPattern=shibd;shibd.log;${ENV};${USERTOKEN};%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
 
 log4j.appender.tran_log=org.apache.log4j.FileAppender
-log4j.appender.tran_log.fileName=/tmp/logpipe
+log4j.appender.tran_log.fileName=/tmp/logshib
 log4j.appender.tran_log.maxFileSize=0
 log4j.appender.tran_log.layout=org.apache.log4j.PatternLayout
 log4j.appender.tran_log.layout.ConversionPattern=shibd;transaction.log;${ENV};${USERTOKEN};%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
 
 log4j.appender.sig_log=org.apache.log4j.FileAppender
-log4j.appender.sig_log.fileName=/tmp/logpipe
+log4j.appender.sig_log.fileName=/tmp/logshib
 log4j.appender.sig_log.layout=org.apache.log4j.PatternLayout
 log4j.appender.sig_log.layout.ConversionPattern=shibd;signature.log;${ENV};${USERTOKEN};%m
diff --git a/midpoint/midpoint-server/container_files/supervisor/supervisord.conf b/midpoint/midpoint-server/container_files/supervisor/supervisord.conf
@@ -0,0 +1,25 @@
+[supervisord]
+logfile=/tmp/logsuperd
+logfile_maxbytes=0
+loglevel=error
+nodaemon=true
+user=root
+
+[program:httpd-shib]
+command=/bin/bash -c "/usr/local/bin/start-httpd-shib.sh"
+stdout_logfile=/tmp/loghttpd
+stdout_logfile_maxbytes=0
+redirect_stderr=true
+
+[program:midpoint]
+command=/bin/bash -c "/usr/local/bin/start-midpoint.sh"
+stdout_logfile=/dev/fd/2
+stdout_logfile_maxbytes=0
+redirect_stderr=true
+
+[program:tier-beacon]
+command=/usr/sbin/crond -n -i -m off
+stdout_logfile=/tmp/logcrond
+stdout_logfile_maxbytes=0
+redirect_stderr=true
+autorestart=false
diff --git a/midpoint/midpoint-server/container_files/usr-local-bin/send-tier-beacon.sh b/midpoint/midpoint-server/container_files/usr-local-bin/send-tier-beacon.sh
@@ -0,0 +1,37 @@
+#!/bin/bash
+
+LOGHOST="localhost"
+LOGPORT="80"
+
+if [ -s /opt/tier/env.bash ]; then
+  . /opt/tier/env.bash
+fi
+
+messagefile="/tmp/beaconmsg"
+
+if [ -z "$TIER_BEACON_OPT_OUT" ]; then
+    cat > $messagefile <<EOF
+{
+    "msgType"          : "TIERBEACON",
+    "msgName"          : "TIER",
+    "msgVersion"       : "1.0",
+    "tbProduct"        : "MIDPOINT",
+    "tbProductVersion" : "$MP_VERSION",
+    "tbTIERRelease"    : "$TIER_RELEASE",
+    "tbMaintainer"     : "$TIER_MAINTAINER"
+}
+EOF
+
+#    echo `date`": going to send TIER beacon to ${LOGHOST}:${LOGPORT}:"
+#    cat $messagefile
+
+    curl -s -XPOST "${LOGHOST}:${LOGPORT}/" -H 'Content-Type: application/json' -T $messagefile 1>/dev/null 2>&1
+    if [ $? -eq 0 ]; then
+        echo `date`": TIER beacon sent"
+    else
+        echo `date`": Failed to send TIER beacon"
+    fi
+
+    rm -f $messagefile 1>/dev/null 2>&1
+
+fi
diff --git a/midpoint/midpoint-server/container_files/usr-local-bin/setup-cron.sh b/midpoint/midpoint-server/container_files/usr-local-bin/setup-cron.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+CRONFILE=/opt/tier/cronfile
+
+if [ "$TIER_BEACON_ENABLED" == "true" ]; then
+    echo "#send daily \"beacon\" to central" > ${CRONFILE}
+#    echo $(expr $RANDOM % 59) $(expr $RANDOM % 3) "* * * /usr/local/bin/send-tier-beacon.sh >> /tmp/logcrond 2>&1" >> ${CRONFILE}
+    echo "* * * * * /usr/local/bin/send-tier-beacon.sh >> /tmp/logcrond 2>&1" >> ${CRONFILE}		# for testing
+else
+    echo "#beacon is disabled" > ${CRONFILE}
+fi
+
+chmod 644 ${CRONFILE}
+crontab ${CRONFILE}
diff --git a/midpoint/midpoint-server/container_files/usr-local-bin/start-all.sh b/midpoint/midpoint-server/container_files/usr-local-bin/start-all.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+# normalizing logging variables as required by TIER
+export ENV=${ENV//[; ]/_}
+export USERTOKEN=${USERTOKEN//[; ]/_}
+
+/usr/local/bin/setup-cron.sh
+
+# generic console logging pipe for anyone
+mkfifo -m 666 /tmp/logpipe
+cat <> /tmp/logpipe 1>&2 &
+
+mkfifo -m 666 /tmp/loghttpd
+(cat <> /tmp/loghttpd  | awk '{printf "%s\n", $0; fflush()}' 1>/tmp/logpipe) &
+
+mkfifo -m 666 /tmp/logshib
+(cat <> /tmp/logshib  | awk '{printf "%s\n", $0; fflush()}' 1>/tmp/logpipe) &
+
+mkfifo -m 666 /tmp/logcrond
+(cat <> /tmp/logcrond  | awk -v ENV="$ENV" -v USERTOKEN="$USERTOKEN" '{printf "crond;console;%s;%s;%s\n", ENV, USERTOKEN, $0; fflush()}' 1>/tmp/logpipe) &
+
+mkfifo -m 666 /tmp/logsuperd
+(cat <> /tmp/logsuperd | awk -v ENV="$ENV" -v USERTOKEN="$USERTOKEN" '{printf "supervisord;console;%s;%s;%s\n", ENV, USERTOKEN, $0; fflush()}' 1>/tmp/logpipe) &
+
+mkfifo -m 666 /tmp/logtomcat
+(cat <> /tmp/logtomcat | awk -v ENV="$ENV" -v USERTOKEN="$USERTOKEN" '{printf "tomcat;console;%s;%s;%s\n", ENV, USERTOKEN, $0; fflush()}' 1>/tmp/logpipe) &
+
+/usr/bin/supervisord -c /etc/supervisor/supervisord.conf
diff --git a/midpoint/midpoint-server/container_files/usr-local-bin/start-httpd-shib.sh b/midpoint/midpoint-server/container_files/usr-local-bin/start-httpd-shib.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+echo "Linking secrets and config files; using authentication: $AUTHENTICATION"
+ln -sf /run/secrets/m_sp-key.pem /etc/shibboleth/sp-key.pem
+ln -sf /run/secrets/m_host-key.pem /etc/pki/tls/private/host-key.pem
+ln -sf /etc/httpd/conf.d/midpoint.conf.auth.$AUTHENTICATION /etc/httpd/conf.d/midpoint.conf
+
+httpd-shib-foreground
diff --git a/...ntainer_files/usr-local-bin/entrypoint.sh → ...ner_files/usr-local-bin/start-midpoint.sh b/...ntainer_files/usr-local-bin/entrypoint.sh → ...ner_files/usr-local-bin/start-midpoint.sh
@@ -1,16 +1,5 @@
 #!/bin/bash
 
-# normalizing logging variables as required by TIER
-export ENV=${ENV//[; ]/_}
-export USERTOKEN=${USERTOKEN//[; ]/_}
-
-echo "Linking secrets and config files; using authentication: $AUTHENTICATION"
-ln -sf /run/secrets/m_sp-key.pem /etc/shibboleth/sp-key.pem
-ln -sf /run/secrets/m_host-key.pem /etc/pki/tls/private/host-key.pem
-ln -sf /etc/httpd/conf.d/midpoint.conf.auth.$AUTHENTICATION /etc/httpd/conf.d/midpoint.conf
-
-httpd-shib-foreground &
-
 if [ "$AUTHENTICATION" = "shibboleth" ]; then
   LOGOUT_URL_DIRECTIVE="-Dauth.logout.url=$LOGOUT_URL"
 else
@@ -35,4 +24,5 @@ java -Xmx$MEM -Xms2048m -Dfile.encoding=UTF8 \
        $LOGOUT_URL_DIRECTIVE \
        -Dserver.tomcat.ajp.enabled=$AJP_ENABLED \
        -Dserver.tomcat.ajp.port=$AJP_PORT \
+       -Dlogging.path=/tmp/logtomcat \
        -jar $MP_DIR/lib/midpoint.war