add test-compose example

test-compose/README.md

@@ -0,0 +1,9 @@
+The test-compose directory contains an example Shibboleth IdP environment that starts up the IdP, along with an LDAP directory. This example demonstrates how one might go about customizing and deploying their own local IdP containers, using the TIER Shibboleth IdP image as a base image.
+
+In this example, the following cases are covered by this example:
+
+ldap - The IdP uses an LDAP example directory as both the authentication source and attribute source.
+
+It should be noted that while this example uses Docker Compose as a build and deployment vehicle, ideally one should use a CI server to build and publish institution specific images to an image repository as changes to the institution's customizations are committed to the source repository. These images would then be deployed to Docker Swarm, assuming that the appropriate Docker Secrets and Configs have been published to the swarm.
+
+

test-compose/compose.sh

@@ -0,0 +1,14 @@
+#!/bin/sh
+docker-compose up --build -d
+
+echo ""
+echo "If everything above was successful, your IdP metadata can be retreived with this command (after a minute or two):"
+echo "                    curl -k https://127.0.0.1/idp/shibboleth"
+echo ""
+echo "By default, this test IdP is pre-integrated with the samltest.id testing service."
+echo ""
+echo "If you are testing the default test config and have port 443 open,"
+echo " map your IP to idp.example.edu in your hosts file,"
+echo " then proceed to https://samltest.id/start-idp-test to test this IdP test instance."
+echo ""
+

test-compose/data/Dockerfile

@@ -0,0 +1,35 @@
+FROM tier/shib-idp:latest
+
+LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>"
+
+COPY container_files/seed-data/ /seed-data/
+
+RUN yum install -y epel-release \
+    && yum update -y \
+    && yum install -y 389-ds-base 389-admin 389-adminutil \
+    && yum clean all \
+    && rm -rf /var/cache/yum
+
+RUN useradd ldapadmin \
+    && rm -fr /var/lock /usr/lib/systemd/system \
+    # The 389-ds setup will fail because the hostname can't reliable be determined, so we'll bypass it and then install. \
+    && sed -i 's/checkHostname {/checkHostname {\nreturn();/g' /usr/lib64/dirsrv/perl/DSUtil.pm \
+    # Not doing SELinux \
+    && sed -i 's/updateSelinuxPolicy($inf);//g' /usr/lib64/dirsrv/perl/* \
+    # Do not restart at the end \
+    && sed -i '/if (@errs = startServer($inf))/,/}/d' /usr/lib64/dirsrv/perl/* \
+    && setup-ds.pl --silent --file /seed-data/ds-setup.inf \
+    && /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-dir \ 
+    && while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \
+    ldapadd -H ldap:/// -f /seed-data/users.ldif -x -D "cn=Directory Manager" -w password
+
+RUN (/usr/sbin/ns-slapd -D /etc/dirsrv/slapd-dir &) \
+    && while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done;
+
+EXPOSE 389
+
+HEALTHCHECK --interval=1m --timeout=10s \
+  CMD cat < /dev/null > /dev/tcp/127.0.0.1/389 || exit 1
+
+CMD /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-dir && tail -F /var/log/dirsrv/slapd-dir/errors
+

test-compose/data/container_files/seed-data/ds-setup.inf

@@ -0,0 +1,29 @@
+[General]
+AdminDomain = internet2.edu
+ConfigDirectoryAdminID = admin
+ConfigDirectoryAdminPwd = admin
+ConfigDirectoryLdapURL = ldap://localhost:389/o=NetscapeRoot
+FullMachineName = localhost
+ServerRoot = /usr/lib64/dirsrv
+SuiteSpotGroup = nobody
+SuiteSpotUserID = nobody
+
+[admin]
+Port = 9830
+ServerAdminID = admin
+ServerAdminPwd = admin
+ServerIpAddress = 0.0.0.0
+SysUser = nobody
+
+[slapd]
+AddOrgEntries = Yes
+AddSampleEntries = No
+InstallLdifFile = suggest
+RootDN = cn=Directory Manager
+RootDNPwd = password
+ServerIdentifier = dir
+ServerPort = 389
+SlapdConfigForMC = yes
+Suffix = dc=internet2,dc=edu
+UseExistingMC = No
+