Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Merge pull request #143 from docker/latest5
merge latest5 branch
  • Loading branch information
pcaskey committed Sep 30, 2024
2 parents f9dc810 + 2d4d130 commit 4ab2396
Show file tree
Hide file tree
Showing 14 changed files with 368 additions and 78 deletions.
9 changes: 4 additions & 5 deletions Dockerfile
@@ -1,16 +1,16 @@
FROM --platform=$TARGETPLATFORM rockylinux:8.9
FROM --platform=$TARGETPLATFORM rockylinux/rockylinux:8.10

########################
### VERSION SETTINGS ###
########################
#
##tomcat \
ENV TOMCAT_MAJOR=10 \
TOMCAT_VERSION=10.1.18 \
TOMCAT_VERSION=10.1.30 \
##shib-idp \
VERSION=5.0.0 \
VERSION=5.1.3 \
##TIER \
TIERVERSION=20240124_rocky8_multiarch \
TIERVERSION=20240930_rocky8_multiarch \
#################### \
#### OTHER VARS #### \
#################### \
Expand Down Expand Up @@ -95,7 +95,6 @@ RUN mkdir -p /tmp/shibboleth && cd /tmp/shibboleth && \
./bin/install.sh \
--noPrompt true \
--propertyFile /tmp/idp.installer.properties && \

# Cleanup
cd ~ && \
rm -rf /tmp/shibboleth
Expand Down
2 changes: 1 addition & 1 deletion container_files/idp/idp.installer.properties
@@ -1,4 +1,4 @@
idp.src.dir=/tmp/shibboleth/shibboleth-identity-provider-5.0.0
idp.src.dir=/tmp/shibboleth/shibboleth-identity-provider-5.1.3
idp.target.dir=/opt/shibboleth-idp
idp.host.name=idp.example.org
idp.sealer.password=changeit
Expand Down
33 changes: 18 additions & 15 deletions container_files/idp/rotateSealerKey.sh
Expand Up @@ -16,22 +16,17 @@ then
exit 1
fi

# Default JAVA_HOME if not already set
if [ -d "${JAVA_HOME:=/usr}" ]
then
export JAVA_HOME=${JAVA_HOME:=/usr}
else
echo "ERROR: JAVA_HOME Directory does not exist: ${JAVA_HOME:=/usr}" >&2
exit 1
fi

function get_config {
# Key to lookup (escape . for regex lookup)
local KEY=${1:?"No key provided to look up value"}
# Passed default value
local DEFAULT="${2:-}"
# Lookup key, strip spaces, replace idp.home with IDP_HOME value
local RESULT=$(sed -rn '/^'"${KEY//./\\.}"'\s*=/ { s|^[^=]*=(.*)\s*$|\1|; s|%\{idp\.home\}|'"${IDP_HOME}"'|g; p}' ${IDP_HOME}/conf/idp.properties)
if [ -z "$RESULT" ]
then
local RESULT=$(sed -rn '/^'"${KEY//./\\.}"'\s*=/ { s|^[^=]*=(.*)\s*$|\1|; s|%\{idp\.home\}|'"${IDP_HOME}"'|g; p}' ${IDP_HOME}/credentials/secrets.properties)
fi
# Set if no result with default - exit if no default
echo ${RESULT:-${DEFAULT:?"No value in config and no default defined for: '${KEY}'"}}
}
Expand All @@ -48,12 +43,19 @@ then
sync_hosts=$(get_config idp.sealer._sync_hosts ${HOSTNAME})

# Run the keygen utility
${0%/*}/runclass.sh net.shibboleth.utilities.java.support.security.BasicKeystoreKeyStrategyTool \
--storefile "${storefile}" \
--storepass "${storepass}" \
--versionfile "${versionfile}" \
--alias "${alias}" \
--count "${count}"
${0%/*}/seckeygen.sh \
--storefile "${storefile}" \
--storepass "${storepass}" \
--versionfile "${versionfile}" \
--alias "${alias}" \
--count "${count}"

# ${0%/*}/runclass.sh net.shibboleth.utilities.java.support.security.BasicKeystoreKeyStrategyTool \
# --storefile "${storefile}" \
# --storepass "${storepass}" \
# --versionfile "${versionfile}" \
# --alias "${alias}" \
# --count "${count}"

# Display current version
echo "INFO: $(tac "${versionfile}" | tr "\n" " ")" >&2
Expand All @@ -73,3 +75,4 @@ then
done

fi

39 changes: 25 additions & 14 deletions test-compose/data/Dockerfile
@@ -1,19 +1,24 @@
FROM centos:centos7
FROM rockylinux:8.9

LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>"

# Set UTC Timezone & Networking
RUN ln -sf /usr/share/zoneinfo/UTC /etc/localtime \
&& echo "NETWORKING=yes" > /etc/sysconfig/network

# Install base deps
RUN rm -fr /var/cache/yum/* && yum clean all && yum -y update && yum -y install --setopt=tsflags=nodocs epel-release && \
yum -y install 389-ds-base 389-admin 389-adminutil net-tools wget curl tar unzip mlocate logrotate strace telnet man unzip vim wget rsyslog cronie krb5-workstation openssl-devel wget supervisor && \
yum -y clean all && \
mkdir -p /opt/tier && \
# Install Trusted Certificates
update-ca-trust force-enable

RUN dnf module enable -y php:7.4
RUN yum install -y epel-release \
&& yum update -y \
&& yum install -y phpldapadmin mod_ssl net-tools wget epel-release yum-utils php php-common php-opcache php-cli php-gd mod_php php-pgsql php-curl php-zip php-mbstring \
&& yum clean all \
&& rm -rf /var/cache/yum
RUN yum module enable -y 389-ds:1.4
RUN yum install -y 389-ds-base 389-ds-base-devel 389-ds-base-legacy-tools
RUN yum install --allowerasing -y curl-full libcurl-full
RUN rpm -Uvh https://rpms.remirepo.net/enterprise/remi-release-8.9.rpm
RUN yum --enablerepo=remi,remi-test install -y phpMyAdmin
RUN yum install -y php71-php-mcrypt

COPY container_files/seed-data/ /seed-data/

RUN useradd ldapadmin \
Expand All @@ -25,17 +30,23 @@ RUN useradd ldapadmin \
# Do not restart at the end \
&& sed -i '/if (@errs = startServer($inf))/,/}/d' /usr/lib64/dirsrv/perl/* \
&& setup-ds.pl --silent --file /seed-data/ds-setup.inf \
&& /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-dir \
&& /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-dir \
&& while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \
ldapadd -H ldap:/// -f /seed-data/users.ldif -x -D "cn=Directory Manager" -w password
ldapadd -H ldap:/// -f /seed-data/data.ldif -x -D "cn=Directory Manager" -w password \
&& ldapmodify -H ldap:/// -f /seed-data/edumember-obj.ldif -x -D "cn=Directory Manager" -w password \
&& ldapmodify -H ldap:/// -f /seed-data/ldappublickey-obj.ldif -x -D "cn=Directory Manager" -w password \
&& ldapmodify -H ldap:/// -f /seed-data/voperson-obj.ldif -x -D "cn=Directory Manager" -w password \
&& ldapmodify -H ldap:/// -f /seed-data/voposixaccount-obj.ldif -x -D "cn=Directory Manager" -w password \
&& ldapadd -c -H ldap:/// -f /seed-data/users.ldif -x -D "cn=Directory Manager" -w password

RUN (/usr/sbin/ns-slapd -D /etc/dirsrv/slapd-dir &) \
&& while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done;
RUN openssl req -new -nodes -newkey rsa:2048 -subj "/commonName=localhost.localdomain" -batch -keyout /etc/pki/tls/private/localhost.key -out localhost.csr
RUN openssl x509 -req -days 1825 -in localhost.csr -signkey /etc/pki/tls/private/localhost.key -out /etc/pki/tls/certs/localhost.crt
RUN mkdir -p /run/php-fpm/

EXPOSE 389

HEALTHCHECK --interval=1m --timeout=10s \
CMD cat < /dev/null > /dev/tcp/127.0.0.1/389 || exit 1

CMD /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-dir && tail -F /var/log/dirsrv/slapd-dir/errors
CMD rm -rf /var/lock/dirsrv/slapd-dir/server/* && /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-dir && php-fpm -D && httpd -DFOREGROUND && sleep infinity

69 changes: 69 additions & 0 deletions test-compose/data/container_files/seed-data/data.ldif
@@ -0,0 +1,69 @@
dn: cn=admin,dc=internet2,dc=edu
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
userPassword: password
description: LDAP administrator

dn: uid=banderson,ou=People,dc=internet2,dc=edu
objectClass: eduPerson
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: Bob Anderson
sn: Anderson
givenName: Bob
userPassword: password
description: LDAP administrator

dn: ou=Affiliations,ou=Groups,dc=internet2,dc=edu
objectClass: top
objectClass: organizationalUnit
ou: Affiliations

dn: ou=Courses,ou=Groups,dc=internet2,dc=edu
objectClass: top
objectClass: organizationalUnit
ou: Courses

dn: ou=midpoint,ou=Groups,dc=internet2,dc=edu
objectClass: top
objectClass: organizationalUnit
ou: midpoint

dn: ou=Generic,ou=Groups,dc=internet2,dc=edu
objectClass: top
objectClass: organizationalUnit
ou: Generic

dn: cn=users,ou=Groups,dc=internet2,dc=edu
objectClass: groupOfUniqueNames
objectClass: top
uniqueMember: uid=banderson,ou=People,dc=internet2,dc=edu
cn: users

dn: cn=sysadmingroup,ou=midpoint,ou=Groups,dc=internet2,dc=edu
objectClass: groupOfUniqueNames
objectClass: top
uniqueMember: uid=banderson,ou=People,dc=internet2,dc=edu
cn: sysadmingroup

dn: ou=Guests,dc=internet2,dc=edu
objectClass: top
objectClass: organizationalUnit
ou: Guests

dn: uid=aguest,ou=Guests,dc=internet2,dc=edu
objectClass: eduPerson
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: Andy Guest
sn: Aguest
mail: andyaguestcspuser@workbench.incommon.org
givenName: Andy
userPassword: password
description: A guest user

2 changes: 1 addition & 1 deletion test-compose/data/container_files/seed-data/ds-setup.inf
Expand Up @@ -16,7 +16,7 @@ ServerIpAddress = 0.0.0.0
SysUser = nobody

[slapd]
AddOrgEntries = Yes
AddOrgEntries = No
AddSampleEntries = No
InstallLdifFile = suggest
RootDN = cn=Directory Manager
Expand Down
30 changes: 30 additions & 0 deletions test-compose/data/container_files/seed-data/edumember-obj.ldif
@@ -0,0 +1,30 @@
#
# eduMember Objectclass
#
#
# "eduMember" attributes
#
dn: cn=schema
changetype: modify
#
add: attributetypes
attributeTypes: ( 1.3.6.1.4.1.5923.1.5.1.1
NAME 'isMemberOf'
DESC 'identifiers for groups to which containing entity belongs'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributeTypes: ( 1.3.6.1.4.1.5923.1.5.1.2
NAME 'hasMember'
DESC 'identifiers for entities that are members of the group'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
#
add: objectclasses
objectClasses: ( 1.3.6.1.4.1.5923.1.5.2 NAME 'eduMember'
AUXILIARY
MAY ( isMemberOf $ hasMember )
)
#
# end of LDIF
#
29 changes: 29 additions & 0 deletions test-compose/data/container_files/seed-data/ldappublickey-obj.ldif
@@ -0,0 +1,29 @@
#
# ldapPublicKey Objectclass
#
#
# ldapPublicKey attribute
#
dn: cn=schema
changetype: modify
#
add: attributetypes
attributeTypes: ( 1.3.6.1.4.1.24552.500.1.1.1.13
NAME 'sshPublicKey'
DESC 'MANDATORY: OpenSSH Public key'
EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
-
#
add: objectclasses
objectClasses: ( 1.3.6.1.4.1.24552.500.1.1.2.0
NAME 'ldapPublicKey'
DESC 'MANDATORY: OpenSSH LPK objectclass'
SUP top
AUXILIARY
MUST ( sshPublicKey $ uid )
)
#
# end of LDIF
#

30 changes: 0 additions & 30 deletions test-compose/data/container_files/seed-data/users.ldif
@@ -1,10 +1,3 @@
dn: cn=admin,dc=internet2,dc=edu
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
userPassword: password
description: LDAP administrator

dn: uid=jsmith,ou=People,dc=internet2,dc=edu
objectClass: organizationalPerson
objectClass: person
Expand All @@ -16,29 +9,6 @@ sn: Smith
cn: John Smith
userPassword: password

dn: uid=banderson,ou=People,dc=internet2,dc=edu
objectClass: organizationalPerson
objectClass: person
objectClass: top
objectClass: inetOrgPerson
givenName: Bob
uid: banderson
sn: Anderson
cn: Bob Anderson
userPassword: password

dn: cn=users,ou=Groups,dc=internet2,dc=edu
objectClass: groupOfUniqueNames
objectClass: top
uniqueMember: uid=banderson,ou=People,dc=internet2,dc=edu
uniqueMember: uid=jsmith,ou=People,dc=internet2,dc=edu
cn: users






dn: uid=kwhite,ou=People,dc=internet2,dc=edu
objectClass: organizationalPerson
objectClass: person
Expand Down

0 comments on commit 4ab2396

Please sign in to comment.