From 29df7d26c8998f36b084421d67763eee25a73a26 Mon Sep 17 00:00:00 2001
From: Paul Caskey
Date: Tue, 31 Oct 2017 18:14:41 -0500
Subject: [PATCH] Delete configBuilder.sh
---
configBuilder.sh | 646 -----------------------------------------------
1 file changed, 646 deletions(-)
delete mode 100755 configBuilder.sh
diff --git a/configBuilder.sh b/configBuilder.sh
deleted file mode 100755
index f49517c..0000000
--- a/configBuilder.sh
+++ /dev/null
@@ -1,646 +0,0 @@ -#!/bin/bash - -# script config items -SHB_CFG_URL=https://github.internet2.edu/docker/shib-idp-conftree/archive/3.3release.zip -TOM_CFG_URL=https://github.internet2.edu/docker/shib-idp-tomcat-config/archive/master.zip -TMP_DIR_S=/tmp/3.3release -TMP_DIR_T=/tmp/tomcfg - -# default directories -TOMCFG=config/tomcat -TOMLOG=logs/tomcat -TOMCERT=credentials/tomcat -TOMWWWROOT=wwwroot -SHBCFG=config/shib-idp/conf -SHBCREDS=credentials/shib-idp -SHBVIEWS=config/shib-idp/views -SHBEDWAPP=config/shib-idp/edit-webapp -SHBMSGS=config/shib-idp/messages -SHBMD=config/shib-idp/metadata -SHBLOG=logs/shib-idp - -# logs -LOGFILE=${PWD}/setup.log - -# script variables (do not edit) -ORACLE_JAVA_APPROVAL=None -FQDN=None -SCOPE=None -LDAPURL=None -LDAPBASEDN=None -LDAPDN=None -LDAPPWD=None -SEALERPWD=None -TIER_TESTBED=None -BURNMOUNT=None - - -################################## -### ensure directory structure ### -################################## -mkdir -p config/tomcat -mkdir -p logs/tomcat -mkdir -p credentials/tomcat -mkdir -p wwwroot -mkdir -p config/shib-idp/conf -mkdir -p credentials/shib-idp -mkdir -p config/shib-idp/views -mkdir -p config/shib-idp/edit-webapp -mkdir -p config/shib-idp/messages -mkdir -p config/shib-idp/metadata -mkdir -p logs/shib-idp - - -############################################################## -### download default/TIER config for both shibb and tomcat ### -############################################################## -# -# first, check for wget -command -v wget >/dev/null 2>&1 || { echo >&2 "ERROR: wget is required, but doesn't appear to be installed. 
Aborting..."; exit 1; } - -wget -q -O ${TMP_DIR_S}.zip ${SHB_CFG_URL} > /dev/null -wget -q -O ${TMP_DIR_T}.zip ${TOM_CFG_URL} > /dev/null - - -###################### -### expand to /tmp ### -###################### -unzip -o -d ${TMP_DIR_S} ${TMP_DIR_S}.zip > /dev/null 2>&1 -unzip -o -d ${TMP_DIR_T} ${TMP_DIR_T}.zip > /dev/null 2>&1 - -################################################################################ -### cp relevant folders from expanded zip to appropriate locations at $PWD/* ### -################################################################################ -cp -rf ${TMP_DIR_S}/shib-idp-conftree-3.3release/conf/* ${SHBCFG} -cp -rf ${TMP_DIR_S}/shib-idp-conftree-3.3release/views/* ${SHBVIEWS} -cp -rf ${TMP_DIR_S}/shib-idp-conftree-3.3release/edit-webapp/* ${SHBEDWAPP} -cp -rf ${TMP_DIR_S}/shib-idp-conftree-3.3release/messages/* ${SHBMSGS} -cp -rf ${TMP_DIR_S}/shib-idp-conftree-3.3release/metadata/* ${SHBMD} -cp -rf ${TMP_DIR_S}/shib-idp-conftree-3.3release/credentials/* ${SHBCREDS} -cp -rf ${TMP_DIR_T}/shib-idp-tomcat-config-master/conf/* ${TOMCFG} -cp -rf ${TMP_DIR_T}/shib-idp-tomcat-config-master/wwwroot/* ${TOMWWWROOT} - - -##################################################### -### ask setup questions to aid in config building ### -##################################################### -# -# Get Oracle license agreement from the user -# -echo "" -echo "The Shibboleth IdP requires that you use Oracle Java. The Docker container " -echo "should be configured to download it for you as part of the Docker image build " -echo "process, but, before we proceed, you must agree to the Oracle Binary Code " -echo "License Agreement for Java SE (\"Oracle License\"). 
Please review:" -echo "" -echo " http://www.oracle.com/technetwork/java/javase/terms/license/index.html" -echo "" -echo "By agreeing to the Oracle License, you acknowledge that Internet2 is not" -echo "distributing the Java software and, to the extent an issue arises" -echo "related to your use of Oracle Java in the TIER software package, you and" -echo "Internet2 agree to hold each other harmless from any third party claims." -echo "" -# -while [ ${ORACLE_JAVA_APPROVAL} == "None" ]; do - echo -n "Do you agree to the terms of the Oracle license [Yes/No]? " - read response - case $response in - Yes) - ORACLE_JAVA_APPROVAL=$response - ;; - No) - ORACLE_JAVA_APPROVAL=$response - ;; - *) - echo "Please respond with Yes or No" - esac -done -if [ ${ORACLE_JAVA_APPROVAL} != "Yes" ]; then - echo "" - echo "In order to use this implementation of the Shibboleth IdP, you must" - echo "use Oracle Java and thus agree to the terms of the Oracle license." - exit 0 -fi -# -# Get the FQDN of the server -# -echo "" -echo "" -echo "Please supply the Fully Qualified Domain Name (FQDN) of your Shibboleth IdP." -echo "We will use the information you enter here to configure your IdP." -echo "Note: for testing without DNS support (a common case), simply enter" -echo " the IPv4 address of your VM at the prompt below" -echo "" -while [ ${FQDN} == "None" ]; do - echo -n "Enter the FQDN or IP address of your server: " - read response - if [ ${#response} -lt 8 ]; then - echo "Remember, you need a FQDN or IP address" - continue - fi - echo -n "You entered: ${response} Is this correct [Yes/No]? " - read yesno - case $yesno in - Yes|yes|Y|y) - FQDN=$response - ;; - esac -done -#echo "FQDN is: $FQDN" - -# -# Get the Scope used for this IdP -# -echo "" -echo "" -echo "Please supply the correct scope for this IdP." -echo "This is typically your base domain: domain.edu" -echo "Enter your IP address if you are just testing." 
-echo "" -echo "We will use the information you enter here to configure your IdP." -echo "" -while [ ${SCOPE} == "None" ]; do - echo -n "Enter the Scope for your IdP: " - read response - if [ ${#response} -lt 5 ]; then - echo "Remember, you need domain - domain.edu or similar" - continue - fi - echo -n "You entered: ${response} Is this correct [Yes/No]? " - read yesno - case $yesno in - Yes|yes|Y|y) - SCOPE=$response - ;; - esac -done -#echo "Scope is: $SCOPE" - -# -# Get the LDAP URL for this deployment -# -echo "" -echo "" -echo "Please supply the full LDAP URL for your backend authentication and/or " -echo "attribute store used by your Shibboleth IdP. (e.g. ldap://myldap.domain.edu)" -echo "We will use the information you enter here to configure your IdP." -echo "" -while [ ${LDAPURL} == "None" ]; do - echo -n "Enter the LDAP URL used for your IdP: " - read response - if [ ${#response} -lt 10 ]; then - echo "Remember, you need a full LDAP URL (starts with ldap:// or ldaps://)" - continue - fi - echo -n "You entered: ${response} Is this correct [Yes/No]? " - read yesno - case $yesno in - Yes|yes|Y|y) - LDAPURL=$response - ;; - esac -done -#echo "LDAP URL is: $LDAPURL" - -# -# Get the LDAP BaseDN for this deployment -# -echo "" -echo "" -echo "Please supply the LDAP Base DN for your LDAP Server " -echo " (e.g. ou=people,dc=example,dc=org)." -echo "We will use the information you enter here to configure your IdP." -echo "" -while [ ${LDAPBASEDN} == "None" ]; do - echo -n "Enter the LDAP Base DN used for your LDAP Server: " - read response - if [ ${#response} -lt 10 ]; then - echo "Remember, you need the full LDAP Base DN." - continue - fi - echo -n "You entered: ${response} Is this correct [Yes/No]? 
" - read yesno - case $yesno in - Yes|yes|Y|y) - LDAPBASEDN=$response - ;; - esac -done -#echo "LDAP Base DN is: $LDAPBASEDN" - -# -# Get the LDAP DN for this deployment -# -echo "" -echo "" -echo "Please supply the full LDAP DN (DistinguishedName) for the account " -echo "used to access your LDAP (only read access is necessary). " -echo "(e.g. uid=myservice,ou=system)" -echo "We will use the information you enter here to configure your IdP." -echo "" -while [ ${LDAPDN} == "None" ]; do - echo -n "Enter the LDAP DN for the service account used by your IdP: " - read response - if [ ${#response} -lt 8 ]; then - echo "Remember, you need the full LDAP DN" - continue - fi - echo -n "You entered: ${response} Is this correct [Yes/No]? " - read yesno - case $yesno in - Yes|yes|Y|y) - LDAPDN=$response - ;; - esac -done -#echo "LDAP DN is: $LDAPDN" - -# -# Get the LDAP PWD for this deployment -# -echo "" -echo "" -echo "Please supply the password for the LDAP DN just specified " -echo "for access your LDAP" -echo "" -echo "We will use the information you enter here to configure your IdP." -echo "" -while [ ${LDAPPWD} == "None" ]; do - echo -n "Enter the password for the account just specified: " - read response - if [ ${#response} -lt 2 ]; then - echo "You should use a stronger password." - continue - fi - echo -n "You entered: ${response} Is this correct [Yes/No]? " - read yesno - case $yesno in - Yes|yes|Y|y) - LDAPPWD=$response - ;; - esac -done - - -# -# Ask the installer about burned versus mountedd config -# -echo "" -echo "" -echo "Would you like your Shibboleth IdP containers to utilize a " -echo "Shibboleth config which has been \"burned\" (copied) into each " -echo "container, or would you like your IdP containers to instead " -echo "mount all of their configuration from the container host's local " -echo "filesystem or would you like to use a hybrid config utilizing secrets (requires a swarm)?" 
-echo "" -while [ ${BURNMOUNT} == "None" ]; do - echo -n "Please select your choice (please enter either \"burn\" or \"mount\" or \"hybrid\"): " - read response - case $response in - Mount|mount|M|m) - BURNMOUNT=mount - ;; - Burn|burn|B|b) - BURNMOUNT=burn - ;; - Hybrid|hybrid|H|h) - BURNMOUNT=hybrid - ;; - *) - echo "You must choose either \"burn\" or \"mount\" or \"hybrid\"." - esac -done -#echo "Burn/Mount option choice is: $BURNMOUNT" - - -############################################################ -### generate credentials/certs for tomcat and shibboleth ### -############################################################ - -# ensure openssl -command -v openssl >/dev/null 2>&1 || { echo >&2 "ERROR: openssl is required, but doesn't appear to be installed. Aborting..."; exit 1; } - -echo "" -echo "Generating credentials..." -echo "" -# -mkdir -p crypto-work-tmp -cd crypto-work-tmp -#IdP Signing key/cert -openssl req -new -nodes -newkey rsa:2048 -subj "/commonName=${FQDN}" -batch -keyout idp-signing.key -out idp-signing.csr >> ${LOGFILE} 2>&1 -echo '[SAN]' > extensions -echo "subjectAltName=DNS:${FQDN},URI:https://${FQDN}/idp/shibboleth" >>extensions -echo "subjectKeyIdentifier=hash" >> extensions -openssl x509 -req -days 1825 -in idp-signing.csr -signkey idp-signing.key -extensions SAN -extfile extensions -out idp-signing.crt >> ${LOGFILE} 2>&1 -# -# IdP Encryption Key -openssl req -new -nodes -newkey rsa:2048 -subj "/commonName=${FQDN}" -batch -keyout idp-encryption.key -out idp-encryption.csr >> ${LOGFILE} 2>&1 -openssl x509 -req -days 1825 -in idp-encryption.csr -signkey idp-encryption.key -extensions SAN -extfile extensions -out idp-encryption.crt >> ${LOGFILE} 2>&1 -# -cp *.key *.crt ../${SHBCREDS} - -# build self-signed cert for Tomcat to use with https -# -# ensure keytool -command -v keytool >/dev/null 2>&1 || { echo >&2 "ERROR: keytool is required, but doesn't appear to be installed. 
Aborting..."; exit 1; } - -if test -f ssl_keystore.jks; then - mv ssl_keystore.jks ssl_keystore.jks.old -fi - -cat > data.conf << EOF -${FQDN} -SUBJ_OU -SUBJ_O -SUBJ_CITY -SUBJ_STATE -SUBJ_COUNTRY -yes - - -EOF - -STOREPWD=$(uuidgen) -keytool -genkey -keyalg RSA -alias selfsigned -keystore ssl_keystore.jks -storepass $STOREPWD -validity 360 -keysize 2048 < data.conf >> ${LOGFILE} 2>&1 -cp ssl_keystore.jks ../${TOMCERT}/keystore.jks - -# -# OK, next build the shibboleth sealer java keystore -# -echo "" -echo "Creating Shibboleth sealer keystore" -echo "" -# -rm -f mysealer.jks -SEALERPWD=$(uuidgen) -keytool -genseckey -storetype jceks -alias secret1 -providername SunJCE -keyalg AES -keysize 256 -storepass ${SEALERPWD} -keypass ${SEALERPWD} -keystore mysealer.jks >> ${LOGFILE} 2>&1 -cp mysealer.jks ../${SHBCREDS}/sealer.jks - - -# return to previous work directory -cd .. - - - -############################# -### generate new metadata ### -############################# -CERTFILE=${SHBCREDS}/idp-signing.crt -CERT="$(grep -v '^-----' $CERTFILE)" -ENTITYID=https://${FQDN}/idp/shibboleth/ -BASEURL=https://${FQDN} - -cat > ${SHBMD}/idp-metadata.xml < - - - $SCOPE - - - - - -$CERT - - - - - - - - - - -EOF - - - -############################################################################## -### make needed adjustments to IdP config and Dockerfile and Tomcat config ### -############################################################################## -# -#ensure sed -command -v sed >/dev/null 2>&1 || { echo >&2 "ERROR: sed is required, but doesn't appear to be installed. Aborting..."; exit 1; } - -# set entityID, sealer pwd in idp.properties -echo "" -echo "Updating your IdP config and Dockerfile to match the info" -echo " you supplied and with the auto-generated key password." -echo "" -IDP_PROP=${SHBCFG}/idp.properties - -if test \! 
-f ${IDP_PROP}.dist; then - cp ${IDP_PROP} ${IDP_PROP}.dist -fi -sed "s/example.org/${SCOPE}/" ${IDP_PROP}.dist > ${IDP_PROP}.tmp -sed "s#Password= changeit#Password= ${SEALERPWD}#" ${IDP_PROP}.tmp > ${IDP_PROP} -rm -f ${IDP_PROP}.tmp -# - -# set ldap URL, baseDN, svcDN, pwd in ldap.properties -LDAP_PROP=${SHBCFG}/ldap.properties -if test \! -f ${LDAP_PROP}.dist; then - cp ${LDAP_PROP} ${LDAP_PROP}.dist -fi -sed "s#ldap://localhost:10389#${LDAPURL}#" ${LDAP_PROP}.dist > ${LDAP_PROP}.tmp -sed "s#uid=myservice,ou=system#${LDAPDN}#" ${LDAP_PROP}.tmp > ${LDAP_PROP}.tmp2 -sed "s#myServicePassword#${LDAPPWD}#" ${LDAP_PROP}.tmp2 > ${LDAP_PROP}.tmp3 -sed "s#ou=people,dc=example,dc=org#${LDAPBASEDN}#" ${LDAP_PROP}.tmp3 > ${LDAP_PROP} - -rm -f ${LDAP_PROP}.tmp -rm -f ${LDAP_PROP}.tmp2 -rm -f ${LDAP_PROP}.tmp3 - -# adjust Dockerfile for java and for a burned-in config, if needed -# -#java first -if test \! -f Dockerfile.dist; then - cp Dockerfile Dockerfile.dist -fi -cat < docker_edit.sed -s/^# ENV /ENV / -s/^# RUN /RUN / -s/^# yum/ yum/ -s/^# rm/ rm/ -s/^# alternatives/ alternatives/ -s/^# http/ http/ -s/^# \&\&/ \&\&/ -EOF -sed -f docker_edit.sed Dockerfile.dist > Dockerfile -rm -f docker_edit.sed - - -if [ ${BURNMOUNT} == "burn" ] || [ ${BURNMOUNT} == "hybrid" ]; then - echo "Configuring Docker for burned-in configuration." - - mv -f Dockerfile Dockerfile.setup - cat < docker_edit.sed -s/^## ADD /ADD / -/^VOLUME/,+10 s/^/#/ -EOF - sed -f docker_edit.sed Dockerfile.setup > Dockerfile - rm -f Dockerfile.setup - rm -f docker_edit.sed - -fi - - -# configure SSL keystore password in tomcat's config file: -# conf/tomcat/server.xml replace: keystorePass="password" -# -echo "Updating Tomcat's server.xml with the generated password" - -if test \! 
-f ${TOMCFG}/server.xml.dist; then - cp ${TOMCFG}/server.xml ${TOMCFG}/server.xml.dist -fi -sed "s#keystorePass=\"password\"#keystorePass=\"${STOREPWD}\"#" ${TOMCFG}/server.xml.dist > ${TOMCFG}/server.xml - - -echo "" -echo "Archiving generated config..." -echo "" -#ensure zip -command -v zip >/dev/null 2>&1 || { echo >&2 "ERROR: zip is required, but doesn't appear to be installed. Aborting..."; exit 1; } -FILENAME=./shib-idp-config_`date +%m%d%Y-%H%M%S`.zip -zip -r ${FILENAME} ./* > /dev/null - - -# if the user chose a hybrid config, then generate a directory containing the config with secrets removed -# copy files -echo "" -echo "Creating sanitized config for hybrid build..." -echo "" -destPath=./ConfigNoSecrets -destPathName=ConfigNoSecrets -# check for rsync -command -v rsync >/dev/null 2>&1 || { echo >&2 "ERROR: rsync is required, but doesn't appear to be installed. Aborting..."; exit 1; } -rsync -a . ${destPath} --exclude ${destPathName} -mkdir -p ${destPath}/SECRETS - -# move secrets -mv -f $destPath/config/shib-idp/conf/idp.properties $destPath/SECRETS/idp.properties > /dev/null -mv -f $destPath/config/shib-idp/conf/ldap.properties $destPath/SECRETS/ldap.properties > /dev/null -mv -f $destPath/credentials/shib-idp/sealer.jks $destPath/SECRETS/sealer.jks > /dev/null -mv -f $destPath/credentials/shib-idp/sealer.kver $destPath/SECRETS/sealer.kver > /dev/null -mv -f $destPath/credentials/shib-idp/idp-signing.key $destPath/SECRETS/idp-signing.key > /dev/null -mv -f $destPath/credentials/shib-idp/idp-signing.crt $destPath/SECRETS/idp-signing.crt > /dev/null -mv -f $destPath/credentials/shib-idp/idp-encryption.key $destPath/SECRETS/idp-encryption.key > /dev/null -mv -f $destPath/credentials/shib-idp/idp-encryption.crt $destPath/SECRETS/idp-encryption.crt > /dev/null -mv -f $destPath/credentials/tomcat/keystore.jks $destPath/SECRETS/keystore.jks > /dev/null -mv -f $destPath/config/shib-idp/conf/relying-party.xml $destPath/SECRETS/relying-party.xml > /dev/null -mv 
-f $destPath/config/shib-idp/conf/attribute-filter.xml $destPath/SECRETS/attribute-filter.xml > /dev/null -mv -f $destPath/config/shib-idp/conf/attribute-resolver.xml $destPath/SECRETS/attribute-resolver.xml > /dev/null -mv -f $destPath/config/shib-idp/conf/metadata-providers.xml $destPath/SECRETS/metadata-providers.xml > /dev/null - -echo "" -echo Your secrets were removed from the main config and stored in $destPath/SECRETS -echo "" - - - - -############################################################################################################################ -### notify user of next steps (docker build and docker run commands, based on burn/mount and chosen directory locations) ### -############################################################################################################################ -echo "" -echo "Your initial configuration has been successfully setup. The entire configuration has been archived to ${PWD}/shib-idp-config_`date +%m%d%Y-%H%M%S`.zip" -echo "" -echo "" -if [ ${BURNMOUNT} == "burn" ]; then - echo "Since you have elected to use a burned-in config, the steps for " - echo " you to build and run a TIER Shibboleth-IdP container are below." - echo "BUILD" - echo " It will be necessary to specify where to find your config at build-time, " - echo " so that it can be copied into the container." - echo "" - echo " If you are using the default config locations (used/created by the configBuilder.sh script), then the following command would be correct:" - echo " docker build --rm -t my/shibb-idp-tier ." 
- echo "" - echo " If you have an existing config or otherwise need to supply non-default paths for your config bits, " - echo " that can be done by overriding the default values in the build command like this " - echo " (the values below are all the default values - modify as appropriate):" - echo "" - echo " docker build --rm -t my/shibb-idp-tier --build-arg TOMCFG=config/tomcat \\ - --build-arg TOMLOG=logs/tomcat \\ - --build-arg TOMCERT=credentials/tomcat \\ - --build-arg TOMWWWROOT=wwwroot \\ - --build-arg SHBCFG=config/shib-idp/conf \\ - --build-arg SHBCREDS=credentials/shib-idp \\ - --build-arg SHBVIEWS=config/shib-idp/views \\ - --build-arg SHBEDWAPP=config/shib-idp/edit-webapp \\ - --build-arg SHBMSGS=config/shib-idp/messages \\ - --build-arg SHBMD=config/shib-idp/metadata \\ - --build-arg SHBLOG=logs/shib-idp ." - echo "" - echo "" - echo "RUN" - echo "" - echo " docker run -d --name shib-idp -p 8443:8443 my/shibb-idp-tier" -elif [ ${BURNMOUNT} == "hybrid" ]; then - echo "Since you have elected to use a hybrid config, the steps for " - echo " you to build and run a TIER Shibboleth-IdP container are below." 
- echo "BUILD" - echo " It will be necessary to specify where to find your config at build-time, but with a hybrid config, " - echo " you'll want to point it to a config that has no \"secrets\"" - echo "" - echo "To do this, point an environment variable at the alternate location (created by this script):" - echo " export ALTCFG=ConfigNoSecrets" - echo "" - echo " docker build --rm -t my/shibb-idp-tier --build-arg TOMCFG=${ALTCFG}/config/tomcat \\ - --build-arg TOMLOG=${ALTCFG}/logs/tomcat \\ - --build-arg TOMCERT=${ALTCFG}/credentials/tomcat \\ - --build-arg TOMWWWROOT=${ALTCFG}/wwwroot \\ - --build-arg SHBCFG=${ALTCFG}/config/shib-idp/conf \\ - --build-arg SHBCREDS=${ALTCFG}/credentials/shib-idp \\ - --build-arg SHBVIEWS=${ALTCFG}/config/shib-idp/views \\ - --build-arg SHBEDWAPP=${ALTCFG}/config/shib-idp/edit-webapp \\ - --build-arg SHBMSGS=${ALTCFG}/config/shib-idp/messages \\ - --build-arg SHBMD=${ALTCFG}/config/shib-idp/metadata \\ - --build-arg SHBLOG=${ALTCFG}/logs/shib-idp ." - echo "" - echo "Next, you would create the appropriate docker secrets and run as a swarm service. See documentation wiki for more info." - echo "" -else - echo "Since you have elected to use a mounted config, the steps for " - echo " you to build and run a TIER Shibboleth-IdP container are below." - echo "BUILD" - echo " You can build an image for a mounted config quite simply using a command like this:" - echo " (optionally substitute any tag name (after -t) that is appropriate) " - echo "" - echo " docker build --rm -t my/shibb-idp-tier ." - echo "" - echo "" - echo "RUN" - echo " For a mounted config, you will need to supply your config locations at run-time, like this (assuming the default locations for the local config)." 
- echo "" - echo " docker run -d --name shib-test1 -p 8443:8443 -v ${PWD}/${TOMCFG}:/usr/local/tomcat/conf \\ - -v ${PWD}/${TOMWWWROOT}:/usr/local/tomcat/webapps/ROOT \\ - -v ${PWD}/${TOMLOG}:/usr/local/tomcat/logs \\ - -v ${PWD}/${TOMCERT}:/opt/certs \\ - -v ${PWD}/${SHBCFG}:/opt/shibboleth-idp/conf \\ - -v ${PWD}/${SHBCREDS}:/opt/shibboleth-idp/credentials \\ - -v ${PWD}/${SHBVIEWS}:/opt/shibboleth-idpviews \\ - -v ${PWD}/${SHBEDWAPP}:/opt/shibboleth-idp/edit-webapp \\ - -v ${PWD}/${SHBMSGS}:/opt/shibboleth-idp/messages \\ - -v ${PWD}/${SHBMD}:/opt/shibboleth-idp/metadata \\ - -v ${PWD}/${SHBLOG}:/opt/shibboleth-idp/logs \\ - my/shibb-idp-tier" - - -fi - - - -################################# -### cleanup/remove temp files ### -################################# -rm -f ${TMP_DIR_S}.zip -rm -rf ${TMP_DIR_S}/* -rmdir ${TMP_DIR_S} - -rm -f ${TMP_DIR_T}.zip -rm -rf ${TMP_DIR_T}/* -rmdir ${TMP_DIR_T} - -rm -rf crypto-work-tmp/* -rmdir crypto-work-tmp