From 1e22ead7ebbfa157bfe45006c8f1890216ed370c Mon Sep 17 00:00:00 2001 From: Paul Caskey Date: Tue, 8 Aug 2023 19:51:24 +0000 Subject: [PATCH 1/2] update Grouper to 4.4.0 --- Workbench/docker-compose.yml | 7 ++-- Workbench/grouper_daemon/Dockerfile | 2 +- Workbench/grouper_data/Dockerfile | 40 +++++++------------ .../conf/grouper.hibernate.properties | 4 +- .../container_files/mysql/createSQLuser.sql | 5 --- .../container_files/sql/createSQLuser.sql | 4 ++ Workbench/grouper_ui/Dockerfile | 2 +- Workbench/grouper_ws/Dockerfile | 2 +- 8 files changed, 27 insertions(+), 39 deletions(-) delete mode 100644 Workbench/grouper_data/container_files/mysql/createSQLuser.sql create mode 100644 Workbench/grouper_data/container_files/sql/createSQLuser.sql diff --git a/Workbench/docker-compose.yml b/Workbench/docker-compose.yml index e6ab89e..362f509 100644 --- a/Workbench/docker-compose.yml +++ b/Workbench/docker-compose.yml @@ -165,14 +165,14 @@ services: aliases: - grouper-data ports: - - 3306:3306 + - 45432:5432 healthcheck: - test: curl -s 127.0.0.1:3306 + test: /usr/bin/pg_isready interval: 30s timeout: 30s retries: 3 volumes: - - grouper_data:/var/lib/mysql + - grouper_data:/var/lib/pgsql/data/ directory: build: ./directory/ @@ -620,6 +620,7 @@ secrets: volumes: grouper_data: + grouper_data_2: source_data: comanage_data: comanage_midpoint_data: diff --git a/Workbench/grouper_daemon/Dockerfile b/Workbench/grouper_daemon/Dockerfile index 6a4f9b8..b9a458f 100644 --- a/Workbench/grouper_daemon/Dockerfile +++ b/Workbench/grouper_daemon/Dockerfile @@ -1,4 +1,4 @@ -FROM i2incommon/grouper:2.6.19 +FROM i2incommon/grouper:4.4.0 LABEL author="tier-packaging@internet2.edu " diff --git a/Workbench/grouper_data/Dockerfile b/Workbench/grouper_data/Dockerfile index 56990ae..87662aa 100644 --- a/Workbench/grouper_data/Dockerfile +++ b/Workbench/grouper_data/Dockerfile 
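Review bot: The new mapping `- 45432:5432` on the grouper_data service publishes PostgreSQL on every host interface, and the accounts behind it use the literal password `password` set elsewhere in this patch. If host-side access is only needed for local inspection, bind it to loopback with `- 127.0.0.1:45432:5432`, or drop the mapping and let the other services reach the database over the compose network. The same hunk mounts the existing `grouper_data` volume at `/var/lib/pgsql/data/`; a volume left over from the MariaDB image would presumably hide the data directory initialised at build time, so the upgrade notes should say to remove it first. The second hunk declares `grouper_data_2`, which no service visible in this patch uses.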
@@ -1,42 +1,30 @@ -FROM i2incommon/grouper:2.6.19 +FROM i2incommon/grouper:4.4.0 LABEL author="tier-packaging@internet2.edu " RUN yum install -y epel-release \ && yum update -y \ - && yum install -y mariadb-server mariadb \ + && dnf module enable -y postgresql:12 \ + && dnf install -y postgresql-server \ && yum clean all \ && rm -rf /var/cache/yum COPY container_files/conf/ /opt/grouper/grouperWebapp/WEB-INF/classes/ COPY container_files/bootstrap/ /tmp/ -COPY container_files/mysql/createSQLuser.sql / +COPY container_files/sql/createSQLuser.sql / -RUN ln -s /usr/bin/resolveip /usr/libexec/resolveip +#setup DB +RUN chown -R postgres:postgres /var/lib/pgsql/ +RUN echo "password" > /db-user-pwd.txt +RUN sudo -u postgres initdb -D /var/lib/pgsql/data/ --username=postgres --pwfile=/db-user-pwd.txt -RUN mysql_install_db \ - && chown -R mysql:mysql /var/lib/mysql/ \ - && sed -i 's/^\(bind-address\s.*\)/# \1/' /etc/my.cnf \ - && sed -i 's/^\(log_error\s.*\)/# \1/' /etc/my.cnf \ - && sed -i 's/\[mysqld\]/\[mysqld\]\ncharacter_set_server = utf8/' /etc/my.cnf \ - && sed -i 's/\[mysqld\]/\[mysqld\]\ncollation_server = utf8_general_ci/' /etc/my.cnf \ - && sed -i 's/\[mysqld\]/\[mysqld\]\nport = 3306/' /etc/my.cnf \ - && cat /etc/my.cnf \ - && echo "/usr/bin/mysqld_safe &" > /tmp/config \ - && echo "mysqladmin --silent --wait=30 ping || exit 1" >> /tmp/config \ - && echo "mysql -e 'GRANT ALL PRIVILEGES ON *.* TO \"root\"@\"%\" WITH GRANT OPTION;'" >> /tmp/config \ - && echo "mysql -e 'CREATE DATABASE grouper CHARACTER SET utf8 COLLATE utf8_bin;'" >> /tmp/config \ - && echo "mysql < /createSQLuser.sql" >> /tmp/config \ - && bash /tmp/config \ - && rm -f /tmp/config - -RUN (mysqld_safe & ) \ - && while ! 
curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to start; sleep 1; done; \ - /opt/grouper/grouperWebapp/WEB-INF/bin/gsh.sh -registry -check -runscript -noprompt && \ +#create grouper DB +RUN sudo -u postgres pg_ctl start -D /var/lib/pgsql/data/ \ + && psql -U postgres -f /createSQLuser.sql \ + && /opt/grouper/grouperWebapp/WEB-INF/bin/gsh.sh -registry -check -runscript -noprompt && \ /opt/grouper/grouperWebapp/WEB-INF/bin/gsh.sh /tmp/initialize.gsh && \ /opt/grouper/grouperWebapp/WEB-INF/bin/gsh.sh /tmp/set-prov.gsh -EXPOSE 3306 - +EXPOSE 5432 -CMD mysqld_safe +CMD sudo -u postgres postgres -D /var/lib/pgsql/data/ diff --git a/Workbench/grouper_data/container_files/conf/grouper.hibernate.properties b/Workbench/grouper_data/container_files/conf/grouper.hibernate.properties index c0a1e47..f7ef3b1 100644 --- a/Workbench/grouper_data/container_files/conf/grouper.hibernate.properties +++ b/Workbench/grouper_data/container_files/conf/grouper.hibernate.properties @@ -20,12 +20,12 @@ # e.g. hsqldb (b): jdbc:hsqldb:hsql://localhost:9001/grouper # e.g. postgres: jdbc:postgresql://localhost:5432/database # e.g. mssql: jdbc:sqlserver://localhost:3280;databaseName=grouper -hibernate.connection.url = jdbc:mysql://localhost:3306/grouper?CharSet=utf8&useUnicode=true&characterEncoding=utf8 +hibernate.connection.url = jdbc:postgresql://localhost:5432/grouper hibernate.connection.username = grouper # If you are using an empty password, depending upon your version of # Java and Ant you may need to specify a password of "". # Note: you can keep passwords external and encrypted: https://bugs.internet2.edu/jira/browse/GRP-122 hibernate.connection.password = password -registry.auto.ddl.upToVersion = 2.6.* +registry.auto.ddl.upToVersion = 4.*.* diff --git a/Workbench/grouper_data/container_files/mysql/createSQLuser.sql b/Workbench/grouper_data/container_files/mysql/createSQLuser.sql deleted file mode 100644 index f89839f..0000000 
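Review bot: `RUN echo "password" > /db-user-pwd.txt` writes the PostgreSQL superuser password into an image layer and the file is never removed, so it ships in every image built from this Dockerfile and the literal also shows in `docker history`. The same literal is used for the `grouper` role in `container_files/sql/createSQLuser.sql` and for `hibernate.connection.password` in the properties files. With BuildKit the value can be supplied as a build secret instead, e.g. `RUN --mount=type=secret,id=pg_pw,mode=0444 sudo -u postgres initdb -D /var/lib/pgsql/data/ --username=postgres --pwfile=/run/secrets/pg_pw`, which leaves nothing in a layer. The cluster is also started with `pg_ctl start` inside a `RUN` and never stopped, so the committed data directory is presumably left in a crashed state; ending that `RUN` with `&& sudo -u postgres pg_ctl stop -D /var/lib/pgsql/data/` would give a clean shutdown.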
--- a/Workbench/grouper_data/container_files/mysql/createSQLuser.sql
+++ /dev/null
@@ -1,5 +0,0 @@
-CREATE USER 'grouper'@'%' IDENTIFIED BY 'password';
-CREATE USER 'grouper'@'localhost' IDENTIFIED BY 'password';
-GRANT ALL PRIVILEGES ON * . * TO 'grouper'@'%';
-GRANT ALL PRIVILEGES ON * . * TO 'grouper'@'localhost';
-FLUSH PRIVILEGES;
diff --git a/Workbench/grouper_data/container_files/sql/createSQLuser.sql b/Workbench/grouper_data/container_files/sql/createSQLuser.sql
new file mode 100644
index 0000000..8037ea4
--- /dev/null
+++ b/Workbench/grouper_data/container_files/sql/createSQLuser.sql
@@ -0,0 +1,4 @@
+CREATE DATABASE grouper;
+CREATE USER grouper WITH PASSWORD 'password';
+CREATE SCHEMA grouper;
+GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA grouper TO grouper;
diff --git a/Workbench/grouper_ui/Dockerfile b/Workbench/grouper_ui/Dockerfile
index caec998..23d49a0 100644
--- a/Workbench/grouper_ui/Dockerfile
+++ b/Workbench/grouper_ui/Dockerfile
@@ -1,4 +1,4 @@
-FROM i2incommon/grouper:2.6.19
+FROM i2incommon/grouper:4.4.0
 LABEL author="tier-packaging@internet2.edu "
diff --git a/Workbench/grouper_ws/Dockerfile b/Workbench/grouper_ws/Dockerfile
index d6b603c..89dd81e 100644
--- a/Workbench/grouper_ws/Dockerfile
+++ b/Workbench/grouper_ws/Dockerfile
@@ -1,4 +1,4 @@
-FROM i2incommon/grouper:2.6.19
+FROM i2incommon/grouper:4.4.0
 LABEL author="tier-packaging@internet2.edu "
From 7e560ed4f0c5a1fe82fc9f69944fe2feacc77fa3 Mon Sep 17 00:00:00 2001
From: Paul Caskey
Date: Wed, 9 Aug 2023 16:29:53 +0000
Subject: [PATCH 2/2] update grouper and midpoint
---
 .../grouper/application/grouper.hibernate.properties | 6 +++---
 Workbench/docker-compose.yml | 8 ++++----
 Workbench/grouper_daemon/Dockerfile | 4 +++-
 Workbench/grouper_data/Dockerfile | 12 +++++++-----
 .../container_files/sql/createSQLuser.sql | 6 +++---
 Workbench/grouper_ui/Dockerfile | 3 ++-
 Workbench/grouper_ws/Dockerfile | 4 +++-
 Workbench/midpoint_server/Dockerfile | 2 +-
 Workbench/webproxy/container_files/httpd/index.html | 4 ++--
 9 files changed, 28 insertions(+), 21 deletions(-)
diff --git a/Workbench/configs-and-secrets/grouper/application/grouper.hibernate.properties b/Workbench/configs-and-secrets/grouper/application/grouper.hibernate.properties
index 0806802..8bbdef1 100755
--- a/Workbench/configs-and-secrets/grouper/application/grouper.hibernate.properties
+++ b/Workbench/configs-and-secrets/grouper/application/grouper.hibernate.properties
@@ -20,12 +20,12 @@ # e.g. hsqldb (b): jdbc:hsqldb:hsql://localhost:9001/grouper # e.g. postgres: jdbc:postgresql://localhost:5432/database # e.g. mssql: jdbc:sqlserver://localhost:3280;databaseName=grouper -hibernate.connection.url = jdbc:mysql://grouper_data:3306/grouper?CharSet=utf8&useUnicode=true&characterEncoding=utf8 +hibernate.connection.url = jdbc:postgresql://grouper-data:5432/grouper -hibernate.connection.username = grouper +hibernate.connection.username = grouper # If you are using an empty password, depending upon your version of # Java and Ant you may need to specify a password of "". # Note: you can keep passwords external and encrypted: https://bugs.internet2.edu/jira/browse/GRP-122 # hibernate.connection.password.elConfig = ${java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD_FILE'), "utf-8") : java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD') } -hibernate.connection.password = password +hibernate.connection.password = password diff --git a/Workbench/docker-compose.yml b/Workbench/docker-compose.yml index 362f509..ddc83d0 100644 --- a/Workbench/docker-compose.yml +++ b/Workbench/docker-compose.yml @@ -3,7 +3,7 @@ version: "3.3" services: grouper_daemon: build: ./grouper_daemon/ - command: bash -c "while ! curl -s grouper_data:3306 > /dev/null; do echo waiting for mysql on grouper_data to start; sleep 3; done; while ! curl -s ldap://directory:389 > /dev/null; do echo waiting for ldap on directory to start; sleep 3; done; exec daemon" + command: bash -c "while ! nc -z grouper-data 5432; do echo waiting for pgsql on grouper_data to start; sleep 3; done; while ! nc -z directory 389 > /dev/null; do echo waiting for ldap on directory to start; sleep 3; done; exec daemon" depends_on: - grouper_data - directory 
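Review bot: The wait loops added in this patch do not agree on the database host name: the grouper_daemon command here and the grouper_ui command probe `grouper-data`, while the grouper_ws command probes `grouper_data`. Both may resolve (the service name and the `grouper-data` alias declared on it), but the JDBC URL now uses `grouper-data`, so using that name everywhere keeps the probe and the application pointing at the same endpoint. `nc -z` only shows that the port is open; since the grouper_data service already has a `pg_isready` healthcheck, a probe such as `pg_isready -h grouper-data -p 5432` would match it more closely, if the client tools are present in these images. The leftover `> /dev/null` after `nc -z directory 389` appears in two of the three commands and can be dropped.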
@@ -48,7 +48,7 @@ services: context: ./grouper_ui/ args: - CSPHOSTNAME - command: bash -c "while ! curl -s grouper_data:3306 > /dev/null; do echo waiting for mysql on grouper_data to start; sleep 3; done; while ! curl -s ldap://directory:389 > /dev/null; do echo waiting for ldap on directory to start; sleep 3; done; exec ui" + command: bash -c "while ! nc -z grouper-data 5432; do echo waiting for pgsql on grouper_data to start; sleep 3; done; while ! nc -z directory 389 > /dev/null; do echo waiting for ldap on directory to start; sleep 3; done; exec ui" depends_on: - grouper_data - directory @@ -109,7 +109,7 @@ services: target: /opt/grouper/grouperWebapp/WEB-INF/classes/subject.properties grouper_ws: build: ./grouper_ws/ - command: bash -c "while ! curl -s grouper_data:3306 > /dev/null; do echo waiting for mysql to start; sleep 3; done; while ! curl -s ldap://directory:389 > /dev/null; do echo waiting for ldap to start; sleep 3; done; exec ws" + command: bash -c "while ! nc -z grouper_data 5432; do echo waiting for pgsql to start; sleep 3; done; while ! nc -z directory 389; do echo waiting for ldap to start; sleep 3; done; exec ws" depends_on: - grouper_data - directory @@ -248,7 +248,7 @@ services: - comanage_midpoint_data:/var/lib/postgresql/data data_init: - image: i2incommon/midpoint:4.6 + image: i2incommon/midpoint:4.7.1 command: > bash -c " chmod 777 /opt/mp-pw/ ; diff --git a/Workbench/grouper_daemon/Dockerfile b/Workbench/grouper_daemon/Dockerfile index b9a458f..79fb8cf 100644 --- a/Workbench/grouper_daemon/Dockerfile +++ b/Workbench/grouper_daemon/Dockerfile @@ -1,4 +1,6 @@ -FROM i2incommon/grouper:4.4.0 +FROM i2incommon/grouper:4.5.2 LABEL author="tier-packaging@internet2.edu " +RUN yum -y install netcat + diff --git a/Workbench/grouper_data/Dockerfile b/Workbench/grouper_data/Dockerfile index 87662aa..0811c3d 100644 --- a/Workbench/grouper_data/Dockerfile +++ b/Workbench/grouper_data/Dockerfile 
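Review bot: `RUN yum -y install netcat` in the grouper_daemon Dockerfile adds a general-purpose network tool to the runtime image only so that the compose start-up loop can probe a port, and it leaves the yum cache in the layer; the same line is added to the grouper_ui and grouper_ws Dockerfiles. If the package stays, clean up in the same layer: `RUN yum -y install netcat && yum clean all && rm -rf /var/cache/yum`. The probe could also be done without an extra package through bash's `/dev/tcp` redirection (assuming the image's bash is built with it), which keeps the image contents the same as the upstream base.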
@@ -1,4 +1,4 @@
-FROM i2incommon/grouper:4.4.0
+FROM i2incommon/grouper:4.5.2
 LABEL author="tier-packaging@internet2.edu "
@@ -21,10 +21,12 @@ RUN sudo -u postgres initdb -D /var/lib/pgsql/data/ --username=postgres --pwfile
 #create grouper DB
 RUN sudo -u postgres pg_ctl start -D /var/lib/pgsql/data/ \
 && psql -U postgres -f /createSQLuser.sql \
- && /opt/grouper/grouperWebapp/WEB-INF/bin/gsh.sh -registry -check -runscript -noprompt && \
- /opt/grouper/grouperWebapp/WEB-INF/bin/gsh.sh /tmp/initialize.gsh && \
- /opt/grouper/grouperWebapp/WEB-INF/bin/gsh.sh /tmp/set-prov.gsh
+ && /opt/grouper/grouperWebapp/WEB-INF/bin/gsh.sh -registry -check -runscript -noprompt \
+ && /opt/grouper/grouperWebapp/WEB-INF/bin/gsh.sh /tmp/initialize.gsh \
+ && /opt/grouper/grouperWebapp/WEB-INF/bin/gsh.sh /tmp/set-prov.gsh
+
+RUN echo "host all all 0.0.0.0/0 trust" >> /var/lib/pgsql/data/pg_hba.conf
 EXPOSE 5432
-CMD sudo -u postgres postgres -D /var/lib/pgsql/data/
+CMD sudo -u postgres postgres -c listen_addresses='*' -D /var/lib/pgsql/data/
diff --git a/Workbench/grouper_data/container_files/sql/createSQLuser.sql b/Workbench/grouper_data/container_files/sql/createSQLuser.sql
index 8037ea4..7827999 100644
--- a/Workbench/grouper_data/container_files/sql/createSQLuser.sql
+++ b/Workbench/grouper_data/container_files/sql/createSQLuser.sql
@@ -1,4 +1,4 @@
+CREATE USER grouper PASSWORD 'password';
 CREATE DATABASE grouper;
-CREATE USER grouper WITH PASSWORD 'password';
-CREATE SCHEMA grouper;
-GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA grouper TO grouper;
+GRANT ALL PRIVILEGES ON DATABASE grouper TO grouper;
+ALTER DATABASE grouper OWNER TO grouper;
diff --git a/Workbench/grouper_ui/Dockerfile b/Workbench/grouper_ui/Dockerfile
index 23d49a0..2e8d2a5 100644
--- a/Workbench/grouper_ui/Dockerfile
+++ b/Workbench/grouper_ui/Dockerfile
@@ -1,4 +1,4 @@
-FROM i2incommon/grouper:4.4.0
+FROM i2incommon/grouper:4.5.2
 LABEL author="tier-packaging@internet2.edu "
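Review bot: The added `host all all 0.0.0.0/0 trust` line in the grouper_data Dockerfile lets any client that can reach port 5432 connect as any role, including the `postgres` superuser, without a password, and the new `-c listen_addresses='*'` in `CMD` makes the server accept such connections on every interface. Together with the host port published for this service in docker-compose.yml, that presumably exposes the database beyond the compose network. Use a password method and a narrower source range, e.g. `RUN echo "host all all <compose-subnet-cidr> scram-sha-256" >> /var/lib/pgsql/data/pg_hba.conf` (the CIDR is a placeholder), so that the passwords set in createSQLuser.sql and grouper.hibernate.properties are actually checked. For that method to work, `password_encryption` has to match before the roles are created, for example by passing `--auth-host=scram-sha-256` to `initdb`.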
@@ -7,6 +7,7 @@ ENV CSPHOSTNAME=$CSPHOSTNAME
 ENV GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES='0.0.0.0/0'
 RUN yum -y update
+RUN yum -y install netcat
 COPY container_files/shibboleth/idp-metadata.xml /etc/shibboleth/
diff --git a/Workbench/grouper_ws/Dockerfile b/Workbench/grouper_ws/Dockerfile
index 89dd81e..09b2663 100644
--- a/Workbench/grouper_ws/Dockerfile
+++ b/Workbench/grouper_ws/Dockerfile
@@ -1,7 +1,9 @@
-FROM i2incommon/grouper:4.4.0
+FROM i2incommon/grouper:4.5.2
 LABEL author="tier-packaging@internet2.edu "
+RUN yum -y install netcat
+
 COPY container_files/web.xml /opt/grouper/grouperWebapp/WEB-INF/
 COPY container_files/tomcat-users.xml /opt/tomee/conf/
 COPY container_files/server.xml /opt/tomee/conf/
diff --git a/Workbench/midpoint_server/Dockerfile b/Workbench/midpoint_server/Dockerfile
index 191fdfb..b41ea7c 100644
--- a/Workbench/midpoint_server/Dockerfile
+++ b/Workbench/midpoint_server/Dockerfile
@@ -1,4 +1,4 @@
-FROM i2incommon/midpoint:4.6
+FROM i2incommon/midpoint:4.7.1
 ARG CSPHOSTNAME=localhost
 ENV CSPHOSTNAME=$CSPHOSTNAME
diff --git a/Workbench/webproxy/container_files/httpd/index.html b/Workbench/webproxy/container_files/httpd/index.html
index 1d8da5e..ce9d316 100644
--- a/Workbench/webproxy/container_files/httpd/index.html
+++ b/Workbench/webproxy/container_files/httpd/index.html
@@ -9,8 +9,8 @@

Welcome to the InCommon TAP Workbench!

The system contains the following TAP components (click the links to access each component in its own tab):