diff --git a/Dockerfile b/Dockerfile index 8b8b5f8..aa8a7c1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM bigfleet/shibboleth_idp +FROM bigfleet/shibboleth_idp:autoexec ARG maintainer=tier ARG imagename=shibboleth_idp @@ -34,7 +34,14 @@ RUN chown -R root:root /opt/shibboleth/shibboleth-identity-provider-$version && ln -s /opt/shibboleth/current /opt/shibboleth-idp && \ ln -s /opt/shibboleth-idp/war/idp.war $CATALINA_HOME/webapps/idp.war && \ touch /usr/local/tomcat/logs/voltest && \ - touch /opt/shibboleth/shibboleth-identity-provider-$version/logs/voltest + touch /opt/shibboleth/shibboleth-identity-provider-$version/logs/voltest && \ + mkdir /opt/certs + +COPY ./conf/ /usr/local/tomcat/conf/ +COPY ./certs/gencert.sh /opt/autoexec/onbuild/gencert.sh +# Remove this line once build is cooking +COPY ./container_files/bin/onbuild.sh /opt/autoexec/bin/onbuild.sh +RUN chmod +x /opt/autoexec/onbuild/gencert.sh && /opt/autoexec/bin/onbuild.sh VOLUME ["/usr/local/tomcat/logs", "/opt/shibboleth/shibboleth-identity-provider-$VERSION/logs"] diff --git a/Jenkinsfile b/Jenkinsfile index 52b34ca..03ef26d 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -6,23 +6,15 @@ node('docker') { stage 'Acquire util' - sh 'mkdir -p bin' - dir('bin'){ + sh 'mkdir -p tmp && mkdir -p bin' + dir('tmp'){ git([ url: "https://github.internet2.edu/docker/util.git", credentialsId: "jenkins-github-access-token" ]) - sh 'ls' - sh 'mv bin/* .' + sh 'mv ./bin/* ../bin/.' } + sh 'rm -rf tmp' - stage 'Acquire conftree' - - sh 'mkdir -p root' - dir('root'){ - git([ url: "https://github.internet2.edu/docker/shib-idp-conftree.git", - branch: "test", credentialsId: "jenkins-github-access-token" ]) - } - - stage 'Build' + stage 'Setting build context' def maintainer = maintainer() def imagename = imagename() 
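Review bot: The added `RUN chmod +x /opt/autoexec/onbuild/gencert.sh && /opt/autoexec/bin/onbuild.sh` runs gencert.sh during `docker build`, so the private key in `/opt/certs/keystore.jks` is stored in an image layer and is identical in every container started from the image; anyone who can pull the image can extract it. Generating the keystore at container start, or mounting it at run time, keeps the key out of the image. The comment `# Remove this line once build is cooking` does not say what condition lifts it; if the intent is that the base image will ship the script, `# TODO: drop this COPY once the base image provides /opt/autoexec/bin/onbuild.sh` would be clearer. The RUN instruction that gains `mkdir /opt/certs` starts above the hunk.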
@@ -38,32 +30,72 @@ node('docker') { if(!imagename){ echo "You must define an imagename in common.bash" currentBuild.result = 'FAILURE' + sh 'exit 1' + } + if(maintainer){ + echo "Building ${imagename}:${tag} for ${maintainer}" + } + + stage 'Acquire conftree' + + sh 'mkdir -p root' + dir('root'){ + git([ url: "https://github.internet2.edu/docker/shib-idp-conftree.git", + branch: "test", credentialsId: "jenkins-github-access-token" ]) } - if(maintainer){ - echo "Building ${maintainer}:${tag} for ${maintainer}" - echo "Building ${maintainer} for ${maintainer}" + + stage 'Build haproxy' + + try{ + dir('haproxy'){ + sh 'docker build --rm -t my/haproxy . > debug' + sh 'rm debug' + } + } catch(error) { + def error_details = readFile('haproxy/debug'); + def message = "BUILD ERROR: There was a problem building Shibboleth appliance haproxy image (${tag}). \n\n ${error_details}" + sh "rm -f haproxy/debug" + handleError(message, tag) } - sh 'bin/rebuild.sh' - - stage 'Start container' + stage 'Build' + try{ + sh 'bin/rebuild.sh &> debug' + } catch(error) { + def error_details = readFile('./debug'); + def message = "BUILD ERROR: There was a problem building Shibboleth appliance image (${tag}). \n\n ${error_details}" + sh "rm -f ./debug" + handleError(message, tag) + } - sh 'bin/ci-run.sh && sleep 60' + stage 'Compose' + try{ + sh 'bin/compose.sh &> debug' + } catch(error) { + def error_details = readFile('./debug'); + def message = "BUILD ERROR: There was a problem composing Shibboleth appliance (${tag}). \n\n ${error_details}" + sh "rm -f ./debug" + handleError(message, tag) + } stage 'Tests' - sh 'bin/test.sh' - // should build a finally construct here - stage 'Stop container' + try{ + sh 'bin/test.sh &> debug' + } catch(error) { + def error_details = readFile('./debug'); + def message = "BUILD ERROR: There was a problem testing Shibboleth appliance :${tag}. 
\n\n ${error_details}" + sh "rm -f ./debug" + handleError(message, tag) + } - sh 'bin/ci-stop.sh' + stage 'Clean Up' - stage 'Push' + cleanup(tag) - docker.withRegistry('https://registry.hub.docker.com/', 'dockerhub-bigfleet') { - def baseImg = docker.build("$maintainer/$imagename") - baseImg.push("$tag") - } + stage 'Notify' + + slackSend color: 'good', message: "Shibboleth-appliance (${tag}) passes test battery" } @@ -77,7 +109,25 @@ def imagename() { matcher ? matcher[0][1] : null } -def version() { - def matcher = readFile('common.bash') =~ 'version="(.+)"' - matcher ? matcher[0][1] : null +def handleError(String message, String tag, Boolean doCleanup = true){ + echo "${message}" + currentBuild.setResult("FAILED") + slackSend color: 'danger', message: "${message}" + //step([$class: 'Mailer', notifyEveryUnstableBuild: true, recipients: 'chris.bynum@levvel.io', sendToIndividuals: true]) + if (doCleanup) { + cleanup(tag) + } + sh 'exit 1' } + +def cleanup(String tag) { + try{ + sh 'bin/decompose.sh &> debug' + sh 'bin/prune.sh &> debug' + } catch(error) { + def error_details = readFile('./debug'); + def message = "BUILD ERROR: There was a problem cleaning up Shibboleth appliance :${tag}. \n\n ${error_details}" + sh "rm -f ./debug" + handleError(message, tag, false) + } +} \ No newline at end of file diff --git a/bin/compose.sh b/bin/compose.sh new file mode 100755 index 0000000..edb2141 --- /dev/null +++ b/bin/compose.sh @@ -0,0 +1,4 @@ +#!/bin/bash + +echo "Composing" +docker-compose up -d \ No newline at end of file diff --git a/bin/decompose.sh b/bin/decompose.sh new file mode 100755 index 0000000..754e6a4 --- /dev/null +++ b/bin/decompose.sh @@ -0,0 +1,4 @@ +#!/bin/bash + +echo "Decomposing" +docker-compose stop \ No newline at end of file diff --git a/bin/prune.sh b/bin/prune.sh new file mode 100755 index 0000000..2efa97c --- /dev/null +++ b/bin/prune.sh 
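Review bot: `sh 'bin/rebuild.sh &> debug'`, and the same redirect in the Compose and Tests stages, relies on bash's `&>`; the Jenkins `sh` step uses the agent's default shell, and if that is a POSIX shell such as dash the line is parsed as `cmd &` followed by `> debug`, so the command is backgrounded, the step returns 0, and a failing build or test run would pass unnoticed. The portable form is `sh 'bin/test.sh > debug 2>&1'`. The haproxy stage redirects only stdout (`> debug`), so the stderr text that explains a failed `docker build` is probably not in the file read by the catch block. The same `&>` appears twice in `cleanup()` in the next hunk.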
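Review bot: `handleError` posts `message` to Slack, and every caller builds that message from the whole `debug` file, so complete build, compose and test output is sent to the channel; anything sensitive printed there (tokens, generated passwords, internal hostnames) leaves the CI system. Send a short summary that points to the console log, or truncate the text, e.g. `slackSend color: 'danger', message: message.take(500)`. `currentBuild.setResult("FAILED")` uses a name that is not a Jenkins result; the value used earlier in this file is `'FAILURE'`, and the two should match. The commented-out Mailer step leaves a personal e-mail address in the repository and could be deleted.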
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+result=$(docker volume ls -qf dangling=true)
+
+if [ ! -z "$result" ]; then
+ docker volume rm $result
+fi
diff --git a/bin/recompose.sh b/bin/recompose.sh
new file mode 100755
index 0000000..6749985
--- /dev/null
+++ b/bin/recompose.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+source bin/decompose.sh && source bin/destroy.sh && source bin/prune.sh && source bin/build.sh && source bin/compose.sh
\ No newline at end of file
diff --git a/certs/gencert.sh b/certs/gencert.sh
new file mode 100755
index 0000000..abfd8fc
--- /dev/null
+++ b/certs/gencert.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+#
+# Generate a self signed certificate
+#
+
+
+# Self-signed certificate for development laptops
+# -----------------------------------------------
+
+cat > data.conf << EOF
+IT
+IT
+IT
+IT
+IT
+IT
+yes
+
+
+EOF
+
+# Everything in one line
+$JAVA_HOME/bin/keytool -genkey -keyalg RSA -alias selfsigned -keystore /opt/certs/keystore.jks -storepass password -validity 360 -keysize 2048 < data.conf
diff --git a/certs/server.crt b/certs/server.crt
new file mode 100644
index 0000000..5a54800
--- /dev/null
+++ b/certs/server.crt
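Review bot: In bin/prune.sh, `docker volume ls -qf dangling=true` lists every unreferenced volume on the Docker host, not only this project's, so on a shared build agent `docker volume rm $result` deletes volumes that belong to other jobs. Scoping the cleanup to the compose project avoids that, for example by replacing the decompose/prune pair with `docker-compose down -v`. If the host-wide removal is intended, a comment such as `# removes ALL dangling volumes on this host` would make the scope explicit.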
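Review bot: In certs/gencert.sh the keystore is created with the literal `-storepass password`, so the store password is known to anyone who can read the repository or the image and protects nothing. Take it from the environment or a mounted secret, e.g. `-storepass "${KEYSTORE_PASSWORD:?}"` (variable name is an example), and pass the subject with keytool's `-dname` option instead of piping answers from `data.conf`, which is written to the current directory and never removed. The header says the certificate is for development laptops, yet the Dockerfile in this commit runs the script in every image build; the comment should state whether the result is meant to be replaced before any non-development use.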
@@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDrDCCApQCCQCqx2/xzYm5ejANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMC +VVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRIwEAYDVQQHEwlDaGFybG90dGUx +DzANBgNVBAoTBkxldnZlbDEPMA0GA1UECxMGRG9ja2VyMREwDwYDVQQDEwhiaWdm +bGVldDEmMCQGCSqGSIb3DQEJARYXamltLnZhbi5mbGVldEBsZXZ2ZWwuaW8wHhcN +MTYwODEyMTY0MTMyWhcNMTcwODEyMTY0MTMyWjCBlzELMAkGA1UEBhMCVVMxFzAV +BgNVBAgTDk5vcnRoIENhcm9saW5hMRIwEAYDVQQHEwlDaGFybG90dGUxDzANBgNV +BAoTBkxldnZlbDEPMA0GA1UECxMGRG9ja2VyMREwDwYDVQQDEwhiaWdmbGVldDEm +MCQGCSqGSIb3DQEJARYXamltLnZhbi5mbGVldEBsZXZ2ZWwuaW8wggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDe3SNdeVXz0QEvwI8WSKp3XjF1Z6baCbhK +tlxwCexvt1CbtUmvBM6ztDmYwqdMwKvQB/UfVdilgUR8Ywo6VQTQ4pv+xYVAaVTo +AWNR/UD2/F+MriV+kVDLRfeql4os0C96c6yNthe1bQbrT4BZR0eOT7vBi3ozN38G +acUH2+owv2TnzVp27dGW2WIrWxL8G49w+Jy8K/nVdrEr48F/6349NHXizBdycpVG +MIdD62qmBb3SdWezKXmczOlHTLtXhKSZO+bQaYA81sGPkDB7NsUkHV1t8kMBt8sC +MPP4K5BAqIJdigg6nBINIuoa0mdMI37W7phUcLnjg5FsZUn95DMvAgMBAAEwDQYJ +KoZIhvcNAQELBQADggEBAGhWie1wkXg8V3rG4nGvDLVCFi8V4fPLF5dL5HCULGde +i9Xz+v412qt1kxgDDwlSZ3oRP1z/tKIywRgLD0NcBJYHqzJN+5gg+ZJMHLEn/bOf +CS6H91dWD93vlcdBMhyh/rz1PafBWc+TyaNuvihSz4V7kpUdUQ7ovXwv3yeSJelT +OFzQbjx+roSfFOK7CuIEOee42MAcaqD5LpnGCIujPQgAje3OdyDeofoFA0XehY/Y +QzooAqSqYhomN6G4RFRAiYwXVkhKbeLBdOOs3rjdymcrFSvwWUJKx7EtpUegucEw +krFR4hpkGmKABuhVZp/g1zxzeodkwRyJFrQEecFQIN4= +-----END CERTIFICATE----- diff --git a/certs/server.csr b/certs/server.csr new file mode 100644 index 0000000..169be23 --- /dev/null +++ b/certs/server.csr 
@@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIC3TCCAcUCAQAwgZcxCzAJBgNVBAYTAlVTMRcwFQYDVQQIEw5Ob3J0aCBDYXJv +bGluYTESMBAGA1UEBxMJQ2hhcmxvdHRlMQ8wDQYDVQQKEwZMZXZ2ZWwxDzANBgNV +BAsTBkRvY2tlcjERMA8GA1UEAxMIYmlnZmxlZXQxJjAkBgkqhkiG9w0BCQEWF2pp +bS52YW4uZmxlZXRAbGV2dmVsLmlvMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEA3t0jXXlV89EBL8CPFkiqd14xdWem2gm4SrZccAnsb7dQm7VJrwTOs7Q5 +mMKnTMCr0Af1H1XYpYFEfGMKOlUE0OKb/sWFQGlU6AFjUf1A9vxfjK4lfpFQy0X3 +qpeKLNAvenOsjbYXtW0G60+AWUdHjk+7wYt6Mzd/BmnFB9vqML9k581adu3Rltli +K1sS/BuPcPicvCv51XaxK+PBf+t+PTR14swXcnKVRjCHQ+tqpgW90nVnsyl5nMzp +R0y7V4SkmTvm0GmAPNbBj5AwezbFJB1dbfJDAbfLAjDz+CuQQKiCXYoIOpwSDSLq +GtJnTCN+1u6YVHC544ORbGVJ/eQzLwIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEB +AJ6hDOof0VueZkGT9wIz/5pKJgoTe9kTNnnHfnXitROwxEEF5gyFPICXkALbJkC7 +HqNl+wd/cG010CoeAI5rcoYDvfY5WAmIOXQF2Zo4EV6XgfBwnk/Jz1T6TvryB14o +Pp/jwJzurEi90bCHmxELIJwHQPGxbLdF5ScNTg26xXkt6FI4w9utTzh85Pgmxir6 +7niVc3MvR9eyWVXF3NiakQw9oM8FsfRY2i3c87ugcuH0LDrVUFkz4GqS8vC6N1Ao +L/KAmBvfz25bq+GaXSKb2OQyvNHcM8lquP0vQKsvrs1ecUY4YILBy1yCEGUSxDGM +kH3F2FuaT22hbNM1JxrLo2Q= +-----END CERTIFICATE REQUEST----- diff --git a/certs/server.key b/certs/server.key new file mode 100644 index 0000000..e1de9a0 --- /dev/null +++ b/certs/server.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA3t0jXXlV89EBL8CPFkiqd14xdWem2gm4SrZccAnsb7dQm7VJ +rwTOs7Q5mMKnTMCr0Af1H1XYpYFEfGMKOlUE0OKb/sWFQGlU6AFjUf1A9vxfjK4l +fpFQy0X3qpeKLNAvenOsjbYXtW0G60+AWUdHjk+7wYt6Mzd/BmnFB9vqML9k581a +du3RltliK1sS/BuPcPicvCv51XaxK+PBf+t+PTR14swXcnKVRjCHQ+tqpgW90nVn +syl5nMzpR0y7V4SkmTvm0GmAPNbBj5AwezbFJB1dbfJDAbfLAjDz+CuQQKiCXYoI +OpwSDSLqGtJnTCN+1u6YVHC544ORbGVJ/eQzLwIDAQABAoIBAEDDmLRgP1ckRKkA +11QNd+RKbisFHRq9ul2T0xcH+zqX1gf5zdjbl8nnNNmsr3uBfixtM5GQm+20vBc9 +nMpIzKZ7RAPsmIWYVoE5bgh0hT2BJ681KFY4mncH9SoQ8amGMlXuaZWg9hDWBy24 +o77OFQBJMXHUO4XIudQ+RnC7OrpBSZDIRq9pF4CIAOZ5muWTeK8IHF7CYfMlcz9z +F2y+MbUHYwVstQZlnhHA8zB2jAdy58PhCf44niGSI/ny9ww/ntSpqM/qM6pqv0H6 +GMV/ZA4UhJ7rbDzfUrTVfuJJDZr0X00RjKQBwLYqGA+vegwgyQU0RX0uL+vKHNYz +z5Uba1ECgYEA9BK4Y/ofxZTiXVEc1JM3NsCTPJgySzsgcmvtLh9Md4tXHd9kliW2 +4I2e/Alt6dwXwEOxUV1drc6B+A4Y09KMaAWQRxAsVY5khotChPAIhYXXDir9srEW +nR1Y5pBdMw89PQgIDKBHK9gp+Fo3InxsHN+QdfJmyXDzOvFBRLOgkdkCgYEA6cEY +konEDB7Kd4S7lYKuk1euvFp1XUk5MSXmz2JR6uvB5RaJJNvXBuZB0i60jeUHgA3V +mouwjuX1zsVSRQEtQ37eiQ2p7ivd1j86SlMBRzFxFempGV00IZevXiBxtfnx38Lw +mYYOWMXdX0CsV/HHvUpTrkC1F8rIP1tXj0IhwEcCgYEAq1q1P+OsCLBlWDSJNCkC ++5qqBEGqFa02M37YLqhkrA0UpXFgEhX6VZ63/qS0GRqfRimAROpyyYKRNtDW12gb +kTBOwcV2Cr8Ejn0Yv3Ix2WREvrqqEJlJkha3gm/aLu3FBaMs24hvTzXdCXJ1AO4v +jPncVyJOzaBR85DLTOt7kMkCgYAHoRjHN53hc2PSUM+6ioBeKL94QE+SUuB9/Smy +XRglXbp/WqPxQweanwtI6+NSukXrZQgyuhpyH4lNTV1pCSfMCykCOiLwthfQdVHW +uSzSgQea2nx9anBYJFZB8Tck5FqDnh4yNJDlTtfx0u+NE0Qcpn9isZP3idPNVZLf +Bx6I4wKBgQDagUD7YJ3oX/4mbBmWJ/z7fAWcUqdRC2kwVfOn2qdeRgVNXQD97u0f +ZUw7fH6MSKHkuQsM0UWxex2dxxfJaFH5aF5EqXzlT/9by4Ela9p6GtecyuNPDnm+ +jReIeDTO73BnM0LJNPPyd/CSHvaVEgvVmjjNTkuBYpyk8HVXf/Cd/A== +-----END RSA PRIVATE KEY----- diff --git a/certs/server.pem b/certs/server.pem new file mode 100644 index 0000000..9e047bc --- /dev/null +++ b/certs/server.pem 
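Review bot: `certs/server.key` adds an unencrypted RSA private key to the repository, and `certs/server.pem` in the next hunk repeats the same key next to its certificate; once pushed, the key has to be treated as public for as long as the history exists. Nothing in the visible hunks references these files (the Dockerfile copies only `certs/gencert.sh`), so they look removable. If a development certificate is needed, generate it at build or start time and add `certs/*.key` and `certs/*.pem` to `.gitignore`. Any deployment already using this key pair should be re-keyed.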
@@ -0,0 +1,49 @@ +-----BEGIN CERTIFICATE----- +MIIDrDCCApQCCQCqx2/xzYm5ejANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMC +VVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRIwEAYDVQQHEwlDaGFybG90dGUx +DzANBgNVBAoTBkxldnZlbDEPMA0GA1UECxMGRG9ja2VyMREwDwYDVQQDEwhiaWdm +bGVldDEmMCQGCSqGSIb3DQEJARYXamltLnZhbi5mbGVldEBsZXZ2ZWwuaW8wHhcN +MTYwODEyMTY0MTMyWhcNMTcwODEyMTY0MTMyWjCBlzELMAkGA1UEBhMCVVMxFzAV +BgNVBAgTDk5vcnRoIENhcm9saW5hMRIwEAYDVQQHEwlDaGFybG90dGUxDzANBgNV +BAoTBkxldnZlbDEPMA0GA1UECxMGRG9ja2VyMREwDwYDVQQDEwhiaWdmbGVldDEm +MCQGCSqGSIb3DQEJARYXamltLnZhbi5mbGVldEBsZXZ2ZWwuaW8wggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDe3SNdeVXz0QEvwI8WSKp3XjF1Z6baCbhK +tlxwCexvt1CbtUmvBM6ztDmYwqdMwKvQB/UfVdilgUR8Ywo6VQTQ4pv+xYVAaVTo +AWNR/UD2/F+MriV+kVDLRfeql4os0C96c6yNthe1bQbrT4BZR0eOT7vBi3ozN38G +acUH2+owv2TnzVp27dGW2WIrWxL8G49w+Jy8K/nVdrEr48F/6349NHXizBdycpVG +MIdD62qmBb3SdWezKXmczOlHTLtXhKSZO+bQaYA81sGPkDB7NsUkHV1t8kMBt8sC +MPP4K5BAqIJdigg6nBINIuoa0mdMI37W7phUcLnjg5FsZUn95DMvAgMBAAEwDQYJ +KoZIhvcNAQELBQADggEBAGhWie1wkXg8V3rG4nGvDLVCFi8V4fPLF5dL5HCULGde +i9Xz+v412qt1kxgDDwlSZ3oRP1z/tKIywRgLD0NcBJYHqzJN+5gg+ZJMHLEn/bOf +CS6H91dWD93vlcdBMhyh/rz1PafBWc+TyaNuvihSz4V7kpUdUQ7ovXwv3yeSJelT +OFzQbjx+roSfFOK7CuIEOee42MAcaqD5LpnGCIujPQgAje3OdyDeofoFA0XehY/Y +QzooAqSqYhomN6G4RFRAiYwXVkhKbeLBdOOs3rjdymcrFSvwWUJKx7EtpUegucEw +krFR4hpkGmKABuhVZp/g1zxzeodkwRyJFrQEecFQIN4= +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA3t0jXXlV89EBL8CPFkiqd14xdWem2gm4SrZccAnsb7dQm7VJ +rwTOs7Q5mMKnTMCr0Af1H1XYpYFEfGMKOlUE0OKb/sWFQGlU6AFjUf1A9vxfjK4l +fpFQy0X3qpeKLNAvenOsjbYXtW0G60+AWUdHjk+7wYt6Mzd/BmnFB9vqML9k581a +du3RltliK1sS/BuPcPicvCv51XaxK+PBf+t+PTR14swXcnKVRjCHQ+tqpgW90nVn +syl5nMzpR0y7V4SkmTvm0GmAPNbBj5AwezbFJB1dbfJDAbfLAjDz+CuQQKiCXYoI +OpwSDSLqGtJnTCN+1u6YVHC544ORbGVJ/eQzLwIDAQABAoIBAEDDmLRgP1ckRKkA +11QNd+RKbisFHRq9ul2T0xcH+zqX1gf5zdjbl8nnNNmsr3uBfixtM5GQm+20vBc9 +nMpIzKZ7RAPsmIWYVoE5bgh0hT2BJ681KFY4mncH9SoQ8amGMlXuaZWg9hDWBy24 +o77OFQBJMXHUO4XIudQ+RnC7OrpBSZDIRq9pF4CIAOZ5muWTeK8IHF7CYfMlcz9z 
+F2y+MbUHYwVstQZlnhHA8zB2jAdy58PhCf44niGSI/ny9ww/ntSpqM/qM6pqv0H6 +GMV/ZA4UhJ7rbDzfUrTVfuJJDZr0X00RjKQBwLYqGA+vegwgyQU0RX0uL+vKHNYz +z5Uba1ECgYEA9BK4Y/ofxZTiXVEc1JM3NsCTPJgySzsgcmvtLh9Md4tXHd9kliW2 +4I2e/Alt6dwXwEOxUV1drc6B+A4Y09KMaAWQRxAsVY5khotChPAIhYXXDir9srEW +nR1Y5pBdMw89PQgIDKBHK9gp+Fo3InxsHN+QdfJmyXDzOvFBRLOgkdkCgYEA6cEY +konEDB7Kd4S7lYKuk1euvFp1XUk5MSXmz2JR6uvB5RaJJNvXBuZB0i60jeUHgA3V +mouwjuX1zsVSRQEtQ37eiQ2p7ivd1j86SlMBRzFxFempGV00IZevXiBxtfnx38Lw +mYYOWMXdX0CsV/HHvUpTrkC1F8rIP1tXj0IhwEcCgYEAq1q1P+OsCLBlWDSJNCkC ++5qqBEGqFa02M37YLqhkrA0UpXFgEhX6VZ63/qS0GRqfRimAROpyyYKRNtDW12gb +kTBOwcV2Cr8Ejn0Yv3Ix2WREvrqqEJlJkha3gm/aLu3FBaMs24hvTzXdCXJ1AO4v +jPncVyJOzaBR85DLTOt7kMkCgYAHoRjHN53hc2PSUM+6ioBeKL94QE+SUuB9/Smy +XRglXbp/WqPxQweanwtI6+NSukXrZQgyuhpyH4lNTV1pCSfMCykCOiLwthfQdVHW +uSzSgQea2nx9anBYJFZB8Tck5FqDnh4yNJDlTtfx0u+NE0Qcpn9isZP3idPNVZLf +Bx6I4wKBgQDagUD7YJ3oX/4mbBmWJ/z7fAWcUqdRC2kwVfOn2qdeRgVNXQD97u0f +ZUw7fH6MSKHkuQsM0UWxex2dxxfJaFH5aF5EqXzlT/9by4Ela9p6GtecyuNPDnm+ +jReIeDTO73BnM0LJNPPyd/CSHvaVEgvVmjjNTkuBYpyk8HVXf/Cd/A== +-----END RSA PRIVATE KEY----- diff --git a/common.bash b/common.bash index cd630af..498e7c4 100644 --- a/common.bash +++ b/common.bash @@ -1,3 +1,3 @@ -maintainer="bigfleet" -imagename="shibboleth_idp_runtime" +maintainer="my" +imagename="shibboleth_idp" version="3.2.1" \ No newline at end of file diff --git a/conf/server.xml b/conf/server.xml new file mode 100644 index 0000000..120a612 --- /dev/null +++ b/conf/server.xml @@ -0,0 +1,26 @@ + + + + + + + + + + + + + + + + + + diff --git a/container_files/bin/onbuild.sh b/container_files/bin/onbuild.sh new file mode 100755 index 0000000..d6794a5 --- /dev/null +++ b/container_files/bin/onbuild.sh @@ -0,0 +1,6 @@ +#!/bin/bash + +for file in /opt/autoexec/onbuild/* +do + exec "$file" >> /opt/etc/autoexec.build.log +done \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..bdcdb65 --- /dev/null +++ b/docker-compose.yml 
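Review bot: In container_files/bin/onbuild.sh, `exec "$file" >> /opt/etc/autoexec.build.log` replaces the shell with the first script, so the `for` loop never reaches a second file in `/opt/autoexec/onbuild/`; call the script directly, `"$file" >> /opt/etc/autoexec.build.log 2>&1`. Once `exec` is removed, add `set -e` near the top so that a failing onbuild script fails the image build. Nothing in the visible hunks creates `/opt/etc`, so the redirect fails unless the base image provides that directory. The loop runs whatever the glob matches, so a guard such as `[ -f "$file" ] && [ -x "$file" ] || continue` would skip stray non-executable entries.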
@@ -0,0 +1,56 @@
+version: '2'
+
+services:
+ shibboleth_idp_0:
+ image: my/shibboleth_idp
+ container_name: shibboleth_idp_0
+ hostname: shibboleth_idp_0
+ networks:
+ - i2network
+ cap_add:
+ - ALL
+ - NET_ADMIN
+ - SYS_ADMIN
+ volumes:
+ - shibboleth_idp_credentials:/tmp/credentials
+ - ./logs/tomcat:/usr/local/tomcat/logs:rw
+ - ./logs/shibboleth_idp:/opt/shibboleth/shibboleth-identity-provider-3.2.1/logs:rw
+ ports:
+ - "8080:8443"
+ shibboleth_idp_1:
+ image: my/shibboleth_idp
+ container_name: shibboleth_idp_1
+ hostname: shibboleth_idp_1
+ networks:
+ - i2network
+ cap_add:
+ - ALL
+ - NET_ADMIN
+ - SYS_ADMIN
+ volumes:
+ - shibboleth_idp_credentials:/tmp/credentials
+ - ./logs/tomcat:/usr/local/tomcat/logs:rw
+ - ./logs/shibboleth_idp:/opt/shibboleth/shibboleth-identity-provider-3.2.1/logs:rw
+ ports:
+ - "8081:8443"
+ haproxy:
+ image: my/haproxy
+ container_name: haproxy
+ hostname: haproxy
+ networks:
+ - i2network
+ depends_on:
+ - shibboleth_idp_1
+ - shibboleth_idp_0
+ ports:
+ - "80:80"
+ - "5533:5533"
+ - "443:443"
+
+networks:
+ i2network:
+ driver: bridge
+
+volumes:
+ shibboleth_idp_credentials:
+ driver: local
\ No newline at end of file
diff --git a/haproxy/Dockerfile b/haproxy/Dockerfile
new file mode 100644
index 0000000..ab58561
--- /dev/null
+++ b/haproxy/Dockerfile
@@ -0,0 +1,13 @@
+FROM haproxy
+
+ARG maintainer=my
+ARG imagename=haproxy
+ARG version=1.0
+
+MAINTAINER $maintainer
+LABEL Vendor="Internet2"
+LABEL ImageType="haproxy"
+LABEL ImageName=$imagename
+LABEL ImageOS=centos7
+LABEL Version=$version
+copy conf/haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg
diff --git a/haproxy/conf/haproxy.cfg b/haproxy/conf/haproxy.cfg
new file mode 100644
index 0000000..bcb15b5
--- /dev/null
+++ b/haproxy/conf/haproxy.cfg
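Review bot: Both `shibboleth_idp_*` services in docker-compose.yml set `cap_add` to `ALL`, `NET_ADMIN` and `SYS_ADMIN`, which gives the Tomcat/IdP containers every Linux capability, so a compromise of the web application is no longer contained by the container boundary. Nothing in this diff shows the IdP needing extra capabilities; remove the `cap_add` blocks, or replace them with `cap_drop: [ALL]` plus the single capability that is actually required. Both services also bind-mount the same `./logs/tomcat` and `./logs/shibboleth_idp` host directories, so the two instances write into the same log files; per-instance directories would keep the logs attributable.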
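Review bot: `FROM haproxy` in haproxy/Dockerfile has no tag, so each build pulls whatever `latest` is at that moment and the image is not reproducible; pin a version and preferably a digest, `FROM haproxy:<version>@sha256:<digest>`. `MAINTAINER` is deprecated in favour of `LABEL maintainer=$maintainer`, and `copy` should be upper-case `COPY` like the other instructions. `LABEL ImageOS=centos7` looks copied from the IdP image; confirm it matches the OS of the haproxy base image.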
@@ -0,0 +1,33 @@ +#Example with SSL PASSTHROUGH +global + log 127.0.0.1 local0 + log 127.0.0.1 local1 notice + +defaults + log global + option httplog + option dontlognull + timeout connect 5000 + timeout client 10000 + timeout server 10000 + +listen stats + bind *:5533 + stats enable + stats uri / + + +frontend localhost + bind *:80 + bind *:443 + option tcplog + mode tcp + default_backend shibboleth_idp + +backend shibboleth_idp + #Define the correct status check + mode tcp + balance roundrobin + option ssl-hello-chk + server shibboleth_idp_0 shibboleth_idp_0:8443 check + server shibboleth_idp_1 shibboleth_idp_1:8443 check diff --git a/tests/image.bats b/tests/image.bats index e3d24d2..b61af96 100644 --- a/tests/image.bats +++ b/tests/image.bats @@ -26,3 +26,8 @@ load ../common result="$(docker run -i $maintainer/$imagename find /usr/local/tomcat/webapps -type d -print0)" [ "$result" == '/usr/local/tomcat/webapps' ] } + + +@test "Java keystore present" { + docker run -i $maintainer/$imagename find /opt/certs/keystore.jks +} \ No newline at end of file diff --git a/tests/running.bats b/tests/running.bats index 4366e99..58236a3 100644 --- a/tests/running.bats +++ b/tests/running.bats 
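Review bot: The `listen stats` section in haproxy.cfg binds `*:5533` with `stats enable` and `stats uri /` but no authentication, and docker-compose.yml in this commit publishes `5533:5533`, so the statistics page, with backend names and health state, is readable by anyone who can reach the host. Add `stats auth <user>:<password>` with the value supplied at deploy time rather than committed, or bind the listener to `127.0.0.1:5533` and drop the published port. Neither `defaults` nor `listen stats` sets `mode http`, and HAProxy's default mode is tcp, in which stats directives are not served, so the page may not work as written; stating the mode in each section would make the intent explicit.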
@@ -5,21 +5,22 @@ load ../common # These tests assume the pipeline will start and stop the container. @test "Leaves running process" { - result="$(docker ps | grep $imagename)" + result="$(docker ps | grep shibboleth_idp_0)" [ "$result" != '' ] } @test "Exposes running Tomcat service" { - result="$(docker exec -i $imagename curl http://localhost:8080/idp/)" + result="$(docker exec -i shibboleth_idp_0 curl -k https://localhost:8443/idp/)" [ "$result" != '' ] } @test "Service is Shibboleth" { - docker exec -i $imagename curl -silent http://localhost:8080/idp/ | grep 'Shibboleth' + docker exec -i shibboleth_idp_0 curl -k -silent https://localhost:8443/idp/ | grep 'Shibboleth' } @test "Shibboleth status URL is available" { - run docker exec -i $imagename curl -o /dev/null --silent --head --write-out '%{http_code}\n' http://localhost:8080/idp/status + skip + run docker exec -i shibboleth_idp_0 curl -o /dev/null --silent --head --write-out '%{http_code}\n' https://localhost:8443/idp/status echo ${output} [ "$status" -eq 0 ] [ ${output} == *"200"* ]
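Review bot: The bare `skip` added at the top of "Shibboleth status URL is available" disables the only test that checks an HTTP status code and records no reason; bats accepts a message, `skip "<why the status check is disabled>"`, so the gap shows up in test output. In "Service is Shibboleth", `curl -k -silent` is not `--silent`: with a single dash curl most likely reads it as a bundle of short options, so `-s` or `--silent` should be used. The container name `shibboleth_idp_0` is now hard-coded in all four tests instead of coming from `common.bash`, which ties the suite to the compose file's naming. The last test's body continues outside the hunk.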