initial commit

Dockerfile

@@ -0,0 +1,99 @@
+FROM tier/shibboleth_idp
+
+ARG maintainer=tier
+ARG imagename=shibboleth_idp
+ARG version=3.3.1
+ENV VERSION=$version
+ENV IMAGENAME=$imagename
+ENV MAINTAINER=$maintainer
+
+# ensure the following locations are accurate if you plan to burn your configuration into your containers by uncommenting the relevant section below
+# they represent the folder names/paths on your build host of the relevant config material needed to run the container
+ARG TOMCFG=config/tomcat
+ARG TOMLOG=logs/tomcat
+ARG TOMCERT=credentials/tomcat
+ARG TOMWWWROOT=wwwroot
+ARG SHBCFG=config/shib-idp/conf
+ARG SHBCREDS=credentials/shib-idp
+ARG SHBVIEWS=config/shib-idp/views
+ARG SHBEDWAPP=config/shib-idp/edit-webapp
+ARG SHBMSGS=config/shib-idp/messages
+ARG SHBMD=config/shib-idp/metadata
+ARG SHBLOG=logs/shib-idp
+
+
+
+# Completely uncomment the following ENV line to prevent the containers from sending analytics information to Internet2.
+# With the default/release configuration, it will only send product (Shibb/Grouper/COmanage) and version (3.3.1-17040, etc) 
+#   once daily between midnight and 4am.  There is no configuration or private information collected or sent.  
+# This data helps with the scalaing and funding of TIER.  Please do not disable it if you find the TIER tools useful.
+# To keep it commented, keep multiple comments on the following line (to prevent other scripts from processing it).
+#####     ENV TIER_BEACON_OPT_OUT True
+
+
+
+# Uncomment the following commands to download the JDK to your Shibboleth IDP image.  
+#     ==> By uncommenting these next 11 lines, you agree to the Oracle Binary Code License Agreement for Java SE (http://www.oracle.com/technetwork/java/javase/terms/license/index.html)
+ENV JAVA_OPTS=-Xmx3000m -XX:MaxPermSize=256m
+ENV JAVA_VERSION 8u131
+ENV BUILD_VERSION b11
+ENV JAVA_BUNDLE_ID d54c1d3a095b4ff2b6607d096fa80163
+ENV JAVA_HOME /usr/java/latest
+RUN wget -nv --no-cookies --no-check-certificate --header "Cookie: oraclelicense=accept-securebackup-cookie" "http://download.oracle.com/otn-pub/java/jdk/$JAVA_VERSION-$BUILD_VERSION/$JAVA_BUNDLE_ID/jdk-$JAVA_VERSION-linux-x64.rpm" -O /tmp/jdk-$JAVA_VERSION-$BUILD_VERSION-linux-x64.rpm && \
+    yum -y install /tmp/jdk-$JAVA_VERSION-$BUILD_VERSION-linux-x64.rpm && \
+    rm -f /tmp/jdk-$JAVA_VERSION-$BUILD_VERSION-linux-x64.rpm && \
+    alternatives --install /usr/bin/java jar $JAVA_HOME/bin/java 200000 && \
+    alternatives --install /usr/bin/javaws javaws $JAVA_HOME/bin/javaws 200000 && \
+    alternatives --install /usr/bin/javac javac $JAVA_HOME/bin/javac 200000
+
+# Uncomment the following commands to download the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files.  
+#     ==> By uncommenting these next 8 lines, you agree to the Oracle Binary Code License Agreement for Java SE Platform Products (http://www.oracle.com/technetwork/java/javase/terms/license/index.html)
+RUN yum -y install unzip \
+    && wget --no-check-certificate --no-cookies --header "Cookie: oraclelicense=accept-securebackup-cookie" \
+    http://download.oracle.com/otn-pub/java/jce/8/jce_policy-8.zip \
+    && echo "f3020a3922efd6626c2fff45695d527f34a8020e938a49292561f18ad1320b59  jce_policy-8.zip" | sha256sum -c - \
+    && unzip -oj jce_policy-8.zip UnlimitedJCEPolicyJDK8/local_policy.jar -d $JAVA_HOME/jre/lib/security/ \
+    && unzip -oj jce_policy-8.zip UnlimitedJCEPolicyJDK8/US_export_policy.jar -d $JAVA_HOME/jre/lib/security/ \
+    && rm jce_policy-8.zip \
+    && chmod -R 640 $JAVA_HOME/jre/lib/security/
+
+
+RUN chown -R root:root /opt/shibboleth/shibboleth-identity-provider-$version && \
+    rm -rf /usr/local/tomcat/webapps/* && \
+    ANT_OPTS="-Didp.target.dir=/opt/shibboleth/current" /opt/shibboleth/current/bin/build.sh && \
+    ln -s /opt/shibboleth/current /opt/shibboleth-idp && \
+    ln -s /opt/shibboleth-idp/war/idp.war $CATALINA_HOME/webapps/idp.war
+
+# for a mounted config
+VOLUME ["/usr/local/tomcat/conf", \
+	    "/usr/local/tomcat/webapps/ROOT", \
+		"/usr/local/tomcat/logs", \
+		"/opt/certs", \
+		"/opt/shibboleth/shibboleth-identity-provider-$VERSION/conf", \
+		"/opt/shibboleth/shibboleth-identity-provider-$VERSION/credentials", \
+		"/opt/shibboleth/shibboleth-identity-provider-$VERSION/views", \
+		"/opt/shibboleth/shibboleth-identity-provider-$VERSION/edit-webapp", \
+		"/opt/shibboleth/shibboleth-identity-provider-$VERSION/messages", \
+		"/opt/shibboleth/shibboleth-identity-provider-$VERSION/metadata", \
+		"/opt/shibboleth/shibboleth-identity-provider-$VERSION/logs"]
+
+#
+# for a burned config, *uncomment* the COPY lines below and *comment* the lines of the VOLUME command above
+#
+# consider not doing the volumes below as it creates a run-time dependency and a better solution might be to use syslog from the container
+# VOLUME ["/usr/local/tomcat/logs", "/opt/shibboleth-idp/logs"]
+#
+## COPY ${TOMCFG} /usr/local/tomcat/conf
+## COPY ${TOMCERT} /opt/certs
+## COPY ${TOMWWWROOT} /usr/local/tomcat/webapps/ROOT
+## COPY ${SHBCFG} /opt/shibboleth/shibboleth-identity-provider-$VERSION/conf
+## COPY ${SHBCREDS} /opt/shibboleth/shibboleth-identity-provider-$VERSION/credentials
+## COPY ${SHBVIEWS} /opt/shibboleth/shibboleth-identity-provider-$VERSION/views
+## COPY ${SHBEDWAPP} /opt/shibboleth/shibboleth-identity-provider-$VERSION/edit-webapp
+## COPY ${SHBMSGS} /opt/shibboleth/shibboleth-identity-provider-$VERSION/messages
+## COPY ${SHBMD} /opt/shibboleth/shibboleth-identity-provider-$VERSION/metadata
+
+
+EXPOSE 8443
+
+CMD ["/usr/bin/startup.sh"]