From 63a48cb295cbe55180e09dc4424be5fc51687e17 Mon Sep 17 00:00:00 2001
From: Paul Caskey
Date: Wed, 13 Jun 2018 14:44:48 -0400
Subject: [PATCH 1/3] new Zulu Java/Tomcat 9

---
 Dockerfile | 53 ++++++-----
 Jenkinsfile | 92 +++++++++++++++++++
 common.bash | 3 +
 container_files/tomcat/keystore.jks | Bin 0 -> 2243 bytes
 container_files/tomcat/robots.txt | 3 +
 container_files/tomcat/server.xml | 136 ++--------------------------
 6 files changed, 139 insertions(+), 148 deletions(-)
 create mode 100644 Jenkinsfile
 create mode 100644 common.bash
 create mode 100644 container_files/tomcat/keystore.jks
 create mode 100644 container_files/tomcat/robots.txt

diff --git a/Dockerfile b/Dockerfile
index aeda570..a828b5a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,8 +9,8 @@ ENV JAVA_VERSION=8u171 \
 BUILD_VERSION=b11 \
 JAVA_BUNDLE_ID=512cd62ec5174c3487ac17c61aaa89e8 \
 ##tomcat \
- TOMCAT_MAJOR=8 \
- TOMCAT_VERSION=8.5.31 \
+ TOMCAT_MAJOR=9 \
+ TOMCAT_VERSION=9.0.8 \
 ##shib-idp \
 VERSION=3.3.3 \
 ##TIER \
@@ -23,7 +23,7 @@ ENV JAVA_VERSION=8u171 \
 IMAGENAME=shibboleth_idp \
 MAINTAINER=tier \
 #java \
- JAVA_HOME=/usr/java/latest \
+ JAVA_HOME=/usr \
 JAVA_OPTS=-Xmx3000m -XX:MaxPermSize=256m \
 #tomcat \
 CATALINA_HOME=/usr/local/tomcat
@@ -53,7 +53,8 @@ RUN ln -sf /usr/share/zoneinfo/UTC /etc/localtime \
 && echo "NETWORKING=yes" > /etc/sysconfig/network
 # Install base deps
-RUN rm -fr /var/cache/yum/* && yum clean all && yum -y update && yum -y install --setopt=tsflags=nodocs epel-release && \
+#RUN rm -fr /var/cache/yum/* && yum clean all && yum -y update && yum -y install --setopt=tsflags=nodocs epel-release && \
+RUN rm -fr /var/cache/yum/* && yum clean all && yum -y install --setopt=tsflags=nodocs epel-release && \
 yum -y install net-tools wget curl tar unzip mlocate logrotate strace telnet man unzip vim wget rsyslog cronie krb5-workstation openssl-devel wget supervisor && \
 yum -y clean all && \
 mkdir -p /opt/tier && \
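Review bot: `JAVA_HOME=/usr` in the second hunk (`@@ -23,7 +23,7 @@`) names the system prefix rather than a JDK root, so paths derived from it — `$JAVA_HOME/jre/lib/security/` used by the JCE steps further down this file, `$JAVA_HOME/bin/javac` — do not point into the Zulu installation; only `$JAVA_HOME/bin/java` happens to resolve, and only because `/usr/bin/java` is a symlink. Anything that locates the JDK through JAVA_HOME (the IdP installer and Tomcat's scripts, presumably) is handed a directory that is not a JDK. Set it to the directory the zulu-8 RPM actually installs into (check with `rpm -ql zulu-8` on a built image), i.e. `JAVA_HOME=<zulu-8 install dir> \`. The `ENV` instruction these hunks belong to starts before the first hunk and continues past the second.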
@@ -72,7 +73,13 @@ RUN update-ca-trust extract
 #####
 ENV TIER_BEACON_OPT_OUT True
-# Install java/JCE
+# Install Zulu Java
+RUN rpm --import http://repos.azulsystems.com/RPM-GPG-KEY-azulsystems \
+ && curl -o /etc/yum.repos.d/zulu.repo http://repos.azulsystems.com/rhel/zulu.repo \
+ && yum -y install zulu-8
+
+
+# Install Oracle java/JCE
 #
 # Uncomment the following commands to download the JDK to your Shibboleth IDP image.
 # ==> By uncommenting these next 6 lines, you agree to the Oracle Binary Code License Agreement for Java SE (http://www.oracle.com/technetwork/java/javase/terms/license/index.html)
@@ -94,9 +101,9 @@ RUN update-ca-trust extract
 # && chmod -R 640 $JAVA_HOME/jre/lib/security/
 # Copy IdP installer properties file(s)
-ADD container_files/idp/idp.installer.properties /tmp/idp.installer.properties
-ADD container_files/idp/idp.merge.properties /tmp/idp.merge.properties
-ADD container_files/idp/ldap.merge.properties /tmp/ldap.merge.properties
+ADD container_files/idp/idp.installer.properties container_files/idp/idp.merge.properties container_files/idp/ldap.merge.properties /tmp/
+#ADD container_files/idp/idp.merge.properties /tmp/idp.merge.properties
+#ADD container_files/idp/ldap.merge.properties /tmp/ldap.merge.properties
 # Install IdP
 RUN mkdir -p /tmp/shibboleth && cd /tmp/shibboleth && \
@@ -145,8 +152,9 @@ RUN cd /usr/local/tomcat/; \
 chmod +r bin/log4j-*.jar;
 ADD container_files/tomcat/log4j2.xml /usr/local/tomcat/conf/
 ADD container_files/tomcat/setenv.sh /usr/local/tomcat/bin/
-
-
+RUN mkdir -p /usr/local/tomcat/webapps/ROOT
+ADD container_files/tomcat/robots.txt /usr/local/tomcat/webapps/ROOT
+ADD container_files/tomcat/keystore.jks /opt/certs/
 # Copy TIER helper scripts
 ADD container_files/system/startup.sh /usr/bin/
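Review bot: The Zulu install in the first hunk fetches both the RPM signing key (`rpm --import http://...`) and the repo definition (`curl -o ... http://...`) over plain HTTP, so the key yum later uses to verify the JDK packages is itself obtained unauthenticated, and the repo file can be replaced by anyone on the path. Use `https://` for both, and give curl `-fsSL` so an HTTP error page is not silently written into `/etc/yum.repos.d/zulu.repo` and surfaced only as an opaque yum failure. `yum -y install zulu-8` also takes whatever build is current at the time, so pin the package version, and end the RUN with a `yum clean all` so the download cache does not stay in the layer: `RUN rpm --import https://repos.azulsystems.com/RPM-GPG-KEY-azulsystems \` / `&& curl -fsSL -o /etc/yum.repos.d/zulu.repo https://repos.azulsystems.com/rhel/zulu.repo \` / `&& yum -y install zulu-8-<pinned version> && yum -y clean all`. Comparing the imported key against the fingerprint Azul publishes would make the trust anchor explicit rather than first-use.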
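Review bot: `ADD container_files/tomcat/keystore.jks /opt/certs/` in the third hunk (`@@ -145,8 +152,9 @@`) bakes a keystore, and whatever private key it holds, into an image layer; anyone who can pull the image can read it, and it remains in the layer history even if a later instruction deletes it. Together with the next hunk commenting out the `/opt/certs` VOLUME, this committed key becomes the default TLS identity of every container built from the Dockerfile unless an operator remembers to mount over it (the server.xml changes in this patch are not readable here, so I cannot confirm how it is referenced). Keep the keystore out of the image: mount it into `/opt/certs` at run time, or have `startup.sh` generate a throwaway self-signed one when nothing is mounted, and if a placeholder must ship, name it as such and document that it has to be replaced. Minor: `COPY` is the idiom for local files (`ADD` is for tar extraction and URLs), and the `RUN mkdir -p /usr/local/tomcat/webapps/ROOT` line adds a layer for nothing, since `ADD`/`COPY` create the destination directory.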
@@ -161,20 +169,23 @@ RUN chmod +x /opt/tier/setenv.sh \
 # setup cron
 && /usr/bin/setupcron.sh
+#set cron to not require a login session
+RUN sed -i '/session required pam_loginuid.so/c\#session required pam_loginuid.so' /etc/pam.d/crond
+
 ###############################################
 ### Settings for a mounted config (default) ###
 ###############################################
-VOLUME ["/usr/local/tomcat/conf", \
- "/usr/local/tomcat/webapps/ROOT", \
- "/usr/local/tomcat/logs", \
- "/opt/certs", \
- "/opt/shibboleth-idp/conf", \
- "/opt/shibboleth-idp/credentials", \
- "/opt/shibboleth-idp/views", \
- "/opt/shibboleth-idp/edit-webapp", \
- "/opt/shibboleth-idp/messages", \
- "/opt/shibboleth-idp/metadata", \
- "/opt/shibboleth-idp/logs"]
+#VOLUME ["/usr/local/tomcat/conf", \
+# "/usr/local/tomcat/webapps/ROOT", \
+# "/usr/local/tomcat/logs", \
+# "/opt/certs", \
+# "/opt/shibboleth-idp/conf", \
+# "/opt/shibboleth-idp/credentials", \
+# "/opt/shibboleth-idp/views", \
+# "/opt/shibboleth-idp/edit-webapp", \
+# "/opt/shibboleth-idp/messages", \
+# "/opt/shibboleth-idp/metadata", \
+# "/opt/shibboleth-idp/logs"]
 #################################################
diff --git a/Jenkinsfile b/Jenkinsfile
new file mode 100644
index 0000000..0c04d9d
--- /dev/null
+++ b/Jenkinsfile
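Review bot: The added `RUN sed -i '/session required pam_loginuid.so/c\#session required pam_loginuid.so' /etc/pam.d/crond` only matches a line with single spaces between the fields; as far as I recall, stock RHEL/CentOS 7 aligns the columns of `/etc/pam.d/crond` with runs of spaces (`session    required   pam_loginuid.so`), in which case the pattern never matches, sed still exits 0, nothing is commented out, and the build cannot tell. Use a whitespace-tolerant match and make the step fail when it did not apply, e.g. `RUN sed -i '/pam_loginuid\.so/s/^/#/' /etc/pam.d/crond && grep -q '^#.*pam_loginuid' /etc/pam.d/crond`. The comment above it should also say why: this drops audit login-uid tagging for cron sessions because the container has no audit subsystem, which is the trade-off being accepted. Separately, the banner `### Settings for a mounted config (default) ###` now sits above a fully commented-out VOLUME block and no longer describes what follows; reword it to say the directories are part of the image and mounting them is optional.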
@@ -0,0 +1,92 @@
+// Licensed to the University Corporation for Advanced Internet Development,
+// Inc. (UCAID) under one or more contributor license agreements. See the
+// NOTICE file distributed with this work for additional information regarding
+// copyright ownership. The UCAID licenses this file to You under the Apache
+// License, Version 2.0 (the "License"); you may not use this file except in
+// compliance with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+//distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+node('docker') {
+
+ stage 'Checkout'
+
+ checkout scm
+
+ stage 'Acquire util'
+
+ sh 'mkdir -p tmp && mkdir -p bin'
+ dir('tmp'){
+ git([ url: "https://github.internet2.edu/docker/util.git",
+ credentialsId: "jenkins-github-access-token" ])
+ sh 'mv ./bin/* ../bin/.'
+ }
+ sh 'rm -rf tmp'
+
+ stage 'Setting build context'
+
+ def maintainer = maintainer()
+ def imagename = imagename()
+ def tag
+
+ // Tag images created on master branch with 'latest'
+ if(env.BRANCH_NAME == "master"){
+ tag = "latest"
+ }else{
+ tag = env.BRANCH_NAME
+ }
+
+ if(!imagename){
+ echo "You must define an imagename in common.bash"
+ currentBuild.result = 'FAILURE'
+ }
+ if(maintainer){
+ echo "Building ${imagename}:${tag} for ${maintainer}"
+ }
+
+ stage 'Build'
+ try{
+ sh 'bin/rebuild.sh &> debug'
+ } catch(error) {
+ def error_details = readFile('./debug');
+ def message = "BUILD ERROR: There was a problem building ${imagename}:${tag}. 
\n\n ${error_details}"
+ sh "rm -f ./debug"
+ handleError(message)
+ }
+
+ stage 'Push'
+
+ docker.withRegistry('https://registry.hub.docker.com/', "dockerhub-$maintainer") {
+ def baseImg = docker.build("$maintainer/$imagename")
+ baseImg.push("$tag")
+ }
+
+ stage 'Notify'
+
+ slackSend color: 'good', message: "$maintainer/$imagename:$tag pushed to DockerHub"
+
+}
+
+def maintainer() {
+ def matcher = readFile('common.bash') =~ 'maintainer="(.+)"'
+ matcher ? matcher[0][1] : 'tier'
+}
+
+def imagename() {
+ def matcher = readFile('common.bash') =~ 'imagename="(.+)"'
+ matcher ? matcher[0][1] : null
+}
+
+def handleError(String message){
+ echo "${message}"
+ currentBuild.setResult("FAILED")
+ slackSend color: 'danger', message: "${message}"
+ sh 'exit 1'
+}
+
diff --git a/common.bash b/common.bash
new file mode 100644
index 0000000..7ff214b
--- /dev/null
+++ b/common.bash
@@ -0,0 +1,3 @@
+maintainer="tier"
+imagename="shib-idp"
+
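Review bot: When `imagename()` returns null, the `if(!imagename)` block in the 'Setting build context' stage sets `currentBuild.result = 'FAILURE'` but does not stop, so the run continues into Build and Push with `$maintainer/null` as the image name; use the helper already defined at the bottom of the file so it actually aborts: `if(!imagename){ handleError("You must define an imagename in common.bash") }`. The 'Acquire util' stage clones `util.git` at its default-branch head and then executes `bin/rebuild.sh` from it, so each build runs whatever that repository currently holds — pin a `branch:` (tag or commit) in the `git([...])` step so the build tooling is reviewed like any other dependency. `sh 'bin/rebuild.sh &> debug'` depends on bash's `&>`; under a POSIX `/bin/sh` that parses as a background job plus an empty redirection and the `catch` never fires, so `> debug 2>&1` is the portable form. The `catch` also reads `./debug` unconditionally, which throws if the script died before creating it; guarding with `fileExists('./debug')` keeps the error path from hiding the original failure.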
diff --git a/container_files/tomcat/keystore.jks b/container_files/tomcat/keystore.jks new file mode 100644 index 0000000000000000000000000000000000000000..6a28c4f5976bc812fcf863151ea1096a983c86e1 GIT binary patch literal 2243 zcmcgt`8(7L7oQnJ7)vt~*>_pe^c~Asv%SW?O~?{LhL^F9n2^+v-JmSlx)DN#WGTr` zM0A;4TQj&SBwR~npI5!_eV+Rlygz(?_?+`O&vTy7InOyqt4FIK5D0P%@Go$N;RAfa z{CtD(-p8Sz^^>FR18$`_o5ORlNn5xj3)!29KOasS z`8N5xxu0)jB0rZpoHPkiU_n0+E!ZSHaItX3#!+Buu~vIr_f&Qoa?NY(t2S=_r31S@ z<>N$%$9=9sV?%_nrOC$f#uF@UZl4UlHWHs)!&0JOiN|<&#LL?%-q4FN39=VKR2^Uj zW36`frj5?`6p$-qbgP41i7cH;;no6JN|(~J(2;jBpOnRso^aO*#bD4r=J(2qA%#}Q ziFlr;H2e9zh@sJopUYoodF=1twfN!$EvJLcR*DkiwH8}e*8QfX`K?q~`Gu7JylU>I ztGnVB?m)=`u=`{#yAQ}6L*(iwDHRFVry12Z(FeFl4X;nnv?JArs-D_iQVyQ=C4@6? z{>A?iV=kh)m_&*)a~R7PsPusW8TW@IMETC}NL0`fp?9+abnz&)kP3QPc zFyi}TVWw=;d+hUb(o0hkYBG~0ReJsZx-HGrZjWki9alMQYc^oimIX4l#rc+O&fbhj zShnvqVo9-on-;RUQ)lhuBTWz-j+b}#Oj#DBoJoHDd%LoLGc%=QF}I1(@}<<)e>}!L zCvin=H8n2Kswy@Pnp%={k1c)s5iTZb5;ZkeQ$R#HdM#2ZyTeS2_V0fd@2U3c7fQ35 z7(x^*UQn)}g+v*Pud1j7c$+G;o%3Lci{gJzX?{IZuWzrV71F)L)g3(JyTA3cSH3-R zQ-6L$o}x5x^2<6oyX%ga#`XONb8QW~ILDw_%Ey_qyt(~$QQtFid3jVcN3*@Kf_q`8 zxw_$ik=|rc=6?1B!eI1cVP}KYsJ2u^r{Bm~(FM`GJemSRai(zv+2r4-+n_E1Ek|3kBz7K!@Xkl36jl<;X)Ke#Sa#ZO*T$XyXI>cm$yV zQS4IBCw_k`s(MH+wvl*$jjG~Whv>;toDYx2-MI5DS>u~$PbqcxNki8GsAnU6JUTjH ztAz#^8Z@Qr=!{+^v`XKSmB6b{F{x?PqX7QE8^(7R<-j>QhLN#1jB22CLe`v;?aDiU zfGWVdR;QW>N*9ebA=GJ@d3P{~3xZaQU`Gd3Ao~}1UZsmBOx<8u-PA}Qm$_O+rbr9l z@UEV1%B=n)d%tQyIkI`8xsiH-N6oe%0HT-q0@n9Br_FotH@LKy2)b-wK{%YksS`CL zJ#Ommg6k@QoU|FnW6GVvNP}a>vv9Cwy`P249*GGWafFnYdnizD8ALXO5fP{Cm8 zHN5n@446`p`Xe608rBOhA1*BDR=JYYtO73x4(n>C5f?K!o~zSQ46le9J2{gK0+=_$~bGV4;JG!Q$nQ+xNb1yV=54WKGGR`&$j3JSsf*HmUV+ zCA52t%8K_H7czc!k*hg3>6O-;M2#EO_{#W?!d4lbsi>JB0u>2DwF=}Q&nc{M0cF3! 
zjubMtV6s<-$cbs!%>qr^;ie+8Qq-Et2x7HjV`;uUs8c~UHQq8Mzm6lT6G{!x1c6vc z0GTBWAVV%cWPyMo5NKHV{1L#-#-W&Cn(%`g42H3S0Dm+L;9z5MfU+SW4t9SN_Fn`J z@czu4K(ZSIMUwuFC*skk0L0G_ClZFe?im;ofS0f#`u<%7Lqg2#(E*Uviy zh5xS%6-@L6#7=XgH2@4+1+9U`s9{`Ab1VO(!2js~wHGp2>Yr8|KMEEym=^?)!JH5> z7!3L?m?$!qkGI2+B=i6#d!yi+q}zjRx+i3K>zQlxZV z5GsIi6x}rn<#j$$TC%FR%gKDC7)x#9-7w8bcB;T=%)@;tASNCgDgqL|X!`?7J z6u!70oj6JqWz`X%D=O)hE_RvYJr-!eYAo8EM~~TX3tf3}1c5leE}XESSd=#;>vg5F z<|l#8_hW>#wdxErEYH!tCnNn6!sll$l0lYw5rI;`XCeBC)@Zk;OVPI_8t3+5rI4K`fE8amAHgE_A;LfS7s+F6KPX!(b778z<@@a_xK9!1Sp+97QzAs zfgec%;(+M!G(~x!{LoXy2JbnRN~9J1$2PJP{>W!E7hfd()5PO_IyMmudY~;AucgdM zrK>2Xg10@@VPC7Un#!jSPP<$WaywS5|ut*;Fu}S@Y6T(kq{CCi5n>pmDdQgcm~Gnbu}JH>W+^t7pJs zz@vrvzDL@!w9UJ3FCgk-YwQf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + - - - - - - - - - - - - - - \ No newline at end of file + + From 2e1d7363a498ff0fa3b2655067abb526315ef5b2 Mon Sep 17 00:00:00 2001 From: Paul Caskey Date: Thu, 14 Jun 2018 15:18:00 -0400 Subject: [PATCH 2/3] bump TIER version --- Dockerfile | 35 ++++++++++++++++------------------- 1 file changed, 16 insertions(+), 19 deletions(-) diff --git a/Dockerfile b/Dockerfile index a828b5a..3687798 100644 --- a/Dockerfile +++ b/Dockerfile @@ -14,7 +14,7 @@ ENV JAVA_VERSION=8u171 \ ##shib-idp \ VERSION=3.3.3 \ ##TIER \ - TIERVERSION=180502 \ + TIERVERSION=180601 \ ################## \ ### OTHER VARS ### \ ################## \ 
@@ -53,8 +53,7 @@ RUN ln -sf /usr/share/zoneinfo/UTC /etc/localtime \
 && echo "NETWORKING=yes" > /etc/sysconfig/network
 # Install base deps
-#RUN rm -fr /var/cache/yum/* && yum clean all && yum -y update && yum -y install --setopt=tsflags=nodocs epel-release && \
-RUN rm -fr /var/cache/yum/* && yum clean all && yum -y install --setopt=tsflags=nodocs epel-release && \
+RUN rm -fr /var/cache/yum/* && yum clean all && yum -y update && yum -y install --setopt=tsflags=nodocs epel-release && \
 yum -y install net-tools wget curl tar unzip mlocate logrotate strace telnet man unzip vim wget rsyslog cronie krb5-workstation openssl-devel wget supervisor && \
 yum -y clean all && \
 mkdir -p /opt/tier && \
@@ -79,9 +78,9 @@ RUN rpm --import http://repos.azulsystems.com/RPM-GPG-KEY-azulsystems \
 && yum -y install zulu-8
-# Install Oracle java/JCE
+# To use Oracle java/JCE
 #
-# Uncomment the following commands to download the JDK to your Shibboleth IDP image.
+# Uncomment the following commands to download the Oracle JDK to your Shibboleth IDP image.
 # ==> By uncommenting these next 6 lines, you agree to the Oracle Binary Code License Agreement for Java SE (http://www.oracle.com/technetwork/java/javase/terms/license/index.html)
 # RUN wget -nv --no-cookies --no-check-certificate --header "Cookie: oraclelicense=accept-securebackup-cookie" "http://download.oracle.com/otn-pub/java/jdk/$JAVA_VERSION-$BUILD_VERSION/$JAVA_BUNDLE_ID/jdk-$JAVA_VERSION-linux-x64.rpm" -O /tmp/jdk-$JAVA_VERSION-$BUILD_VERSION-linux-x64.rpm && \
 # yum -y install /tmp/jdk-$JAVA_VERSION-$BUILD_VERSION-linux-x64.rpm && \
@@ -90,7 +89,7 @@ RUN rpm --import http://repos.azulsystems.com/RPM-GPG-KEY-azulsystems \
 # alternatives --install /usr/bin/javaws javaws $JAVA_HOME/bin/javaws 200000 && \
 # alternatives --install /usr/bin/javac javac $JAVA_HOME/bin/javac 200000
-# Uncomment the following commands to download the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files.
+# For Oracle Java, also uncomment the following commands to download the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files.
 # ==> By uncommenting these next 7 lines, you agree to the Oracle Binary Code License Agreement for Java SE Platform Products (http://www.oracle.com/technetwork/java/javase/terms/license/index.html)
 # RUN wget --no-check-certificate --no-cookies --header "Cookie: oraclelicense=accept-securebackup-cookie" \
 # http://download.oracle.com/otn-pub/java/jce/8/jce_policy-8.zip \
@@ -102,8 +101,6 @@ RUN rpm --import http://repos.azulsystems.com/RPM-GPG-KEY-azulsystems \
 # Copy IdP installer properties file(s)
 ADD container_files/idp/idp.installer.properties container_files/idp/idp.merge.properties container_files/idp/ldap.merge.properties /tmp/
-#ADD container_files/idp/idp.merge.properties /tmp/idp.merge.properties
-#ADD container_files/idp/ldap.merge.properties /tmp/ldap.merge.properties
 # Install IdP
 RUN mkdir -p /tmp/shibboleth && cd /tmp/shibboleth && \
@@ -200,17 +197,17 @@ RUN sed -i '/session required pam_loginuid.so/c\#session required pam_
 # they represent the folder names/paths on your build host of the relevant config material needed to run the container
 # The paths below must be relative to (subdirectories of) the directory where the Dockerfile is located.
 # The paths below are just the default values. They are typically overriden by "build-args" in the 'docker build' command.
-ARG TOMCFG=config/tomcat
-ARG TOMLOG=logs/tomcat
-ARG TOMCERT=credentials/tomcat
-ARG TOMWWWROOT=wwwroot
-ARG SHBCFG=config/shib-idp/conf
-ARG SHBCREDS=credentials/shib-idp
-ARG SHBVIEWS=config/shib-idp/views
-ARG SHBEDWAPP=config/shib-idp/edit-webapp
-ARG SHBMSGS=config/shib-idp/messages
-ARG SHBMD=config/shib-idp/metadata
-ARG SHBLOG=logs/shib-idp
+#ARG TOMCFG=config/tomcat
+#ARG TOMLOG=logs/tomcat
+#ARG TOMCERT=credentials/tomcat
+#ARG TOMWWWROOT=wwwroot
+#ARG SHBCFG=config/shib-idp/conf
+#ARG SHBCREDS=credentials/shib-idp
+#ARG SHBVIEWS=config/shib-idp/views
+#ARG SHBEDWAPP=config/shib-idp/edit-webapp
+#ARG SHBMSGS=config/shib-idp/messages
+#ARG SHBMD=config/shib-idp/metadata
+#ARG SHBLOG=logs/shib-idp
 #
 ## ADD ${TOMCFG} /usr/local/tomcat/conf
 ## ADD ${TOMCERT} /opt/certs

From 623e856f4026fdcf3d5dfd3d56c170133519ad44 Mon Sep 17 00:00:00 2001
From: Paul Caskey
Date: Mon, 18 Jun 2018 15:06:39 -0400
Subject: [PATCH 3/3] add java alternatives cmd

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 3687798..0254fed 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -75,7 +75,7 @@ RUN update-ca-trust extract
 # Install Zulu Java
 RUN rpm --import http://repos.azulsystems.com/RPM-GPG-KEY-azulsystems \
 && curl -o /etc/yum.repos.d/zulu.repo http://repos.azulsystems.com/rhel/zulu.repo \
- && yum -y install zulu-8
+ && yum -y install zulu-8 && alternatives --install /usr/bin/java java $JAVA_HOME/bin/java 200000
 # To use Oracle java/JCE
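Review bot: In the last hunk (patch 3, `@@ -75,7 +75,7 @@`) `alternatives --install /usr/bin/java java $JAVA_HOME/bin/java 200000` expands to `/usr/bin/java java /usr/bin/java`, because the ENV in patch 1 set `JAVA_HOME=/usr`, so the alternatives link is registered as its own target. If the zulu-8 RPM has already registered `java` in alternatives (so `/usr/bin/java` is a symlink into `/etc/alternatives`), priority 200000 wins and the chain becomes `/usr/bin/java -> /etc/alternatives/java -> /usr/bin/java`, a loop; I have not run this, so verify on a built image with `alternatives --display java`. Point the alternative at the real JDK binary and set JAVA_HOME to that JDK root, i.e. `alternatives --install /usr/bin/java java <zulu-8 install dir>/bin/java 200000`. The commented-out ARG block in the first hunk leaves the `## ADD ${TOMCFG}` and `## ADD ${TOMCERT}` lines below referring to variables that no longer exist; if the build-arg config path is being retired, remove the whole block rather than leave it half-commented.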