
fix incorrect changes to Dockerfile #29

merged 1 commit into from Jan 24, 2018
142 changes: 59 additions & 83 deletions Dockerfile
@@ -5,43 +5,41 @@ FROM centos:centos7
########################
#
##java
ENV JAVA_VERSION=8u162
ENV BUILD_VERSION=b12
ENV JAVA_BUNDLE_ID=0da788060d494f5095bf8624735fa2f1
ENV JAVA_VERSION=8u162 \
BUILD_VERSION=b12 \
JAVA_BUNDLE_ID=0da788060d494f5095bf8624735fa2f1 \
##tomcat
ENV TOMCAT_MAJOR=8
ENV TOMCAT_VERSION=8.0.48
TOMCAT_MAJOR=8 \
TOMCAT_VERSION=8.5.24 \
##shib-idp
ENV VERSION=3.3.2
VERSION=3.3.2 \
##TIER
ENV TIERVERSION=17110
TIERVERSION=18011 \

##################
### OTHER VARS ###
##################
#
#global
ENV IMAGENAME=shibboleth_idp
ENV MAINTAINER=tier
IMAGENAME=shibboleth_idp \
MAINTAINER=tier \
#java
ENV JAVA_HOME=/usr/java/latest
ENV JAVA_OPTS=-Xmx3000m -XX:MaxPermSize=256m
JAVA_HOME=/usr/java/latest \
JAVA_OPTS=-Xmx3000m -XX:MaxPermSize=256m \
#tomcat
ENV CATALINA_HOME=/usr/local/tomcat
ENV TOMCAT_TGZ_URL=https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz
ENV PATH=$CATALINA_HOME/bin:$JAVA_HOME/bin:$PATH
CATALINA_HOME=/usr/local/tomcat
ENV TOMCAT_TGZ_URL=https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz \
PATH=$CATALINA_HOME/bin:$JAVA_HOME/bin:$PATH \
#shib-idp
ENV SHIB_RELDIR=http://shibboleth.net/downloads/identity-provider/$VERSION
ENV SHIB_PREFIX=shibboleth-identity-provider-$VERSION
SHIB_RELDIR=http://shibboleth.net/downloads/identity-provider/$VERSION \
SHIB_PREFIX=shibboleth-identity-provider-$VERSION

#set labels
LABEL Vendor="Internet2"
LABEL ImageType="Shibboleth IDP Release"
LABEL ImageName=$imagename
LABEL ImageOS=centos7
LABEL Version=$VERSION


LABEL Vendor="Internet2" \
ImageType="Shibboleth IDP Release" \
ImageName=$imagename \
ImageOS=centos7 \
Version=$VERSION

#########################
### BEGIN IMAGE BUILD ###
@@ -52,13 +50,13 @@ RUN ln -sf /usr/share/zoneinfo/UTC /etc/localtime \
&& echo "NETWORKING=yes" > /etc/sysconfig/network

# Install base deps
RUN rm -fr /var/cache/yum/* && yum clean all && yum -y install --setopt=tsflags=nodocs epel-release && \
yum -y install net-tools wget curl tar unzip mlocate logrotate strace telnet man unzip vim wget rsyslog cron krb5-workstation openssl-devel wget && \
RUN rm -fr /var/cache/yum/* && yum clean all && yum -y update && yum -y install --setopt=tsflags=nodocs epel-release && \
yum -y install net-tools wget curl tar unzip mlocate logrotate strace telnet man unzip vim wget rsyslog cron krb5-workstation openssl-devel wget supervisor && \
yum -y clean all && \
mkdir -p /opt/tier

mkdir -p /opt/tier && \
# Install Trusted Certificates
RUN update-ca-trust force-enable
update-ca-trust force-enable

ADD container_files/cert/InCommon.crt /etc/pki/ca-trust/source/anchors/
RUN update-ca-trust extract

@@ -84,8 +82,7 @@ RUN update-ca-trust extract

# Uncomment the following commands to download the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files.
# ==> By uncommenting these next 8 lines, you agree to the Oracle Binary Code License Agreement for Java SE Platform Products (http://www.oracle.com/technetwork/java/javase/terms/license/index.html)
# RUN yum -y install unzip \
# && wget --no-check-certificate --no-cookies --header "Cookie: oraclelicense=accept-securebackup-cookie" \
# RUN wget --no-check-certificate --no-cookies --header "Cookie: oraclelicense=accept-securebackup-cookie" \
# http://download.oracle.com/otn-pub/java/jce/8/jce_policy-8.zip \
# && echo "f3020a3922efd6626c2fff45695d527f34a8020e938a49292561f18ad1320b59 jce_policy-8.zip" | sha256sum -c - \
# && unzip -oj jce_policy-8.zip UnlimitedJCEPolicyJDK8/local_policy.jar -d $JAVA_HOME/jre/lib/security/ \
@@ -100,74 +97,53 @@ ADD container_files/idp/ldap.merge.properties /tmp/ldap.merge.properties

# Install IdP
RUN mkdir -p /tmp/shibboleth && cd /tmp/shibboleth && \
wget -q https://shibboleth.net/downloads/PGP_KEYS \
wget -q https://shibboleth.net/downloads/PGP_KEYS \
$SHIB_RELDIR/$SHIB_PREFIX.tar.gz \
$SHIB_RELDIR/$SHIB_PREFIX.tar.gz.asc \
$SHIB_RELDIR/$SHIB_PREFIX.tar.gz.sha256 && \
$SHIB_RELDIR/$SHIB_PREFIX.tar.gz.asc && \
# Perform verifications
gpg --import PGP_KEYS && \
gpg $SHIB_PREFIX.tar.gz.asc && \
sha256sum --check $SHIB_PREFIX.tar.gz.sha256 && \
gpg --import PGP_KEYS && \
gpg $SHIB_PREFIX.tar.gz.asc && \
gpg --batch --verify $SHIB_PREFIX.tar.gz.asc $SHIB_PREFIX.tar.gz && \
# Unzip
tar xf $SHIB_PREFIX.tar.gz && \
tar xf $SHIB_PREFIX.tar.gz && \
# Install
cd /tmp/shibboleth/$SHIB_PREFIX && \
./bin/install.sh \
-Didp.noprompt=true \
-Didp.property.file=/tmp/idp.installer.properties && \
cd /tmp/shibboleth/$SHIB_PREFIX && \
./bin/install.sh \
-Didp.noprompt=true \
-Didp.property.file=/tmp/idp.installer.properties && \
# Cleanup
rm -rf /tmp/shibboleth


# Install tomcat
RUN mkdir -p "$CATALINA_HOME"

## Not having trouble with this locally [JVF]
## see https://www.apache.org/dist/tomcat/tomcat-8/KEYS
## RUN set -ex \
## && for key in \
## 05AB33110949707C93A279E3D3EFE6B686867BA6 \
## 07E48665A34DCAFAE522E5E6266191C37C037D42 \
## 47309207D818FFD8DCD3F83F1931D684307A10A5 \
## 541FBE7D8F78B25E055DDEE13C370389288584E7 \
## 61B832AC2F1C5A90F0F9B00A1C506407564C17A3 \
## 713DA88BE50911535FE716F5208B0AB1D63011C7 \
## 79F7026C690BAA50B92CD8B66A3AD3F4F22C4FED \
## 9BA44C2621385CB966EBA586F72C284D731FABEE \
## A27677289986DB50844682F8ACB77FC2E86E29AC \
## A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 \
## DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 \
## F3A04C595DB5B6A5F1ECA43E3B7BBB100D811BBE \
## F7DA48BB64BCB84ECBA7EE6935CD23C10D498E23 \
## ; do \
## gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \
## done

#WORKDIR $CATALINA_HOME
RUN set -x \
cd ~ && \
rm -rf /tmp/shibboleth

# Install tomcat
RUN mkdir -p "$CATALINA_HOME" && set -x \
&& wget -q -O $CATALINA_HOME/tomcat.tar.gz "$TOMCAT_TGZ_URL" \
&& wget -q -O $CATALINA_HOME/tomcat.tar.gz.asc "$TOMCAT_TGZ_URL.asc" \
# && gpg --batch --verify $CATALINA_HOME/tomcat.tar.gz.asc $CATALINA_HOME/tomcat.tar.gz \
&& wget -q -O $CATALINA_HOME/KEYS "https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/KEYS" \
&& gpg --import $CATALINA_HOME/KEYS \
&& gpg $CATALINA_HOME/tomcat.tar.gz.asc \
&& gpg --batch --verify $CATALINA_HOME/tomcat.tar.gz.asc $CATALINA_HOME/tomcat.tar.gz \
&& tar -xvf $CATALINA_HOME/tomcat.tar.gz -C $CATALINA_HOME --strip-components=1 \
&& rm $CATALINA_HOME/bin/*.bat \
&& rm $CATALINA_HOME/tomcat.tar.gz* \
&& mkdir -p $CATALINA_HOME/conf/Catalina \
&& curl -o /usr/local/tomcat/lib/jstl1.2.jar https://build.shibboleth.net/nexus/service/local/repositories/thirdparty/content/javax/servlet/jstl/1.2/jstl-1.2.jar
&& curl -o /usr/local/tomcat/lib/jstl1.2.jar https://build.shibboleth.net/nexus/service/local/repositories/thirdparty/content/javax/servlet/jstl/1.2/jstl-1.2.jar \
&& rm -rf /usr/local/tomcat/webapps/* \
&& ln -s /opt/shibboleth-idp/war/idp.war $CATALINA_HOME/webapps/idp.war

ADD container_files/idp/idp.xml /usr/local/tomcat/conf/Catalina/idp.xml
ADD container_files/tomcat/server.xml /usr/local/tomcat/conf/server.xml
RUN rm -rf /usr/local/tomcat/webapps/* && \
ln -s /opt/shibboleth-idp/war/idp.war $CATALINA_HOME/webapps/idp.war



# Copy TIER helper scripts
ADD container_files/bin/setenv.sh /opt/tier/setenv.sh
RUN chmod +x /opt/tier/setenv.sh
ADD container_files/bin/startup.sh /usr/bin/startup.sh
RUN chmod +x /usr/bin/startup.sh
ADD container_files/bin/setupcron.sh /usr/bin/setupcron.sh
ADD container_files/bin/sendtierbeacon.sh /usr/bin/sendtierbeacon.sh
RUN chmod +x /usr/bin/sendtierbeacon.sh

ADD container_files/system/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
RUN chmod +x /opt/tier/setenv.sh \
&& chmod +x /usr/bin/setupcron.sh \
&& chmod +x /usr/bin/sendtierbeacon.sh \
# setup cron
&& /usr/bin/setupcron.sh

###############################################
### Settings for a mounted config (default) ###
@@ -227,5 +203,5 @@ HEALTHCHECK --interval=2m --timeout=30s \
CMD curl -k -f https://127.0.0.1/idp/status || exit 1


# Start tomcat/crond
CMD ["/usr/bin/startup.sh"]
# Start tomcat/crond via supervisor
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
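Review bot: In the `# Install tomcat` RUN, `jstl-1.2.jar` is fetched with a bare `curl -o` and written into Tomcat's `lib/` with no checksum or signature check, while the Tomcat and IdP tarballs in the same file go through `gpg --batch --verify`. Because `-f` is missing, an HTTP error body would also be saved as the jar and the build would still pass. I would change the step to `&& curl -fsSL -o "$CATALINA_HOME/lib/jstl1.2.jar" <same jstl URL> \` followed by `&& echo "<sha256-of-jstl-1.2.jar>  $CATALINA_HOME/lib/jstl1.2.jar" | sha256sum -c - \`, with the digest pinned in the Dockerfile. The +/- markers are lost on this page, so I am assuming the copy of the curl line that ends in a backslash is the new side.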