Merge pull request internet2#152 from internet2/pc_July23

merge pc_July23: updates to midpoint and Grouper

Workbench/configs-and-secrets/grouper/application/grouper.hibernate.properties

@@ -20,12 +20,12 @@
 # e.g. hsqldb (b):      jdbc:hsqldb:hsql://localhost:9001/grouper
 # e.g. postgres:        jdbc:postgresql://localhost:5432/database
 # e.g. mssql:           jdbc:sqlserver://localhost:3280;databaseName=grouper
-hibernate.connection.url = jdbc:mysql://grouper_data:3306/grouper?CharSet=utf8&useUnicode=true&characterEncoding=utf8
+hibernate.connection.url = jdbc:postgresql://grouper-data:5432/grouper
 
-hibernate.connection.username         = grouper
+hibernate.connection.username = grouper
 # If you are using an empty password, depending upon your version of
 # Java and Ant you may need to specify a password of "".
 # Note: you can keep passwords external and encrypted: https://bugs.internet2.edu/jira/browse/GRP-122
 # hibernate.connection.password.elConfig = ${java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD_FILE'), "utf-8") : java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD') }
-hibernate.connection.password         = password
+hibernate.connection.password = password
 

Workbench/docker-compose.yml

@@ -3,7 +3,7 @@ version: "3.3"
 services:
   grouper_daemon:
     build: ./grouper_daemon/
-    command: bash -c "while ! curl -s grouper_data:3306 > /dev/null; do echo waiting for mysql on grouper_data to start; sleep 3; done; while ! curl -s ldap://directory:389 > /dev/null; do echo waiting for ldap on directory to start; sleep 3; done; exec daemon"
+    command: bash -c "while ! nc -z grouper-data 5432; do echo waiting for pgsql on grouper_data to start; sleep 3; done; while ! nc -z directory 389 > /dev/null; do echo waiting for ldap on directory to start; sleep 3; done; exec daemon"
     depends_on:
      - grouper_data
      - directory
@@ -48,7 +48,7 @@ services:
       context: ./grouper_ui/
       args:
         - CSPHOSTNAME
-    command: bash -c "while ! curl -s grouper_data:3306 > /dev/null; do echo waiting for mysql on grouper_data to start; sleep 3; done; while ! curl -s ldap://directory:389 > /dev/null; do echo waiting for ldap on directory to start; sleep 3; done; exec ui"
+    command: bash -c "while ! nc -z grouper-data 5432; do echo waiting for pgsql on grouper_data to start; sleep 3; done; while ! nc -z directory 389 > /dev/null; do echo waiting for ldap on directory to start; sleep 3; done; exec ui"
     depends_on:
      - grouper_data
      - directory
@@ -109,7 +109,7 @@ services:
        target: /opt/grouper/grouperWebapp/WEB-INF/classes/subject.properties
   grouper_ws:
     build: ./grouper_ws/
-    command: bash -c "while ! curl -s grouper_data:3306 > /dev/null; do echo waiting for mysql to start; sleep 3; done; while ! curl -s ldap://directory:389 > /dev/null; do echo waiting for ldap to start; sleep 3; done; exec ws"
+    command: bash -c "while ! nc -z grouper_data 5432; do echo waiting for pgsql to start; sleep 3; done; while ! nc -z directory 389; do echo waiting for ldap to start; sleep 3; done; exec ws"
     depends_on:
      - grouper_data
      - directory
@@ -165,14 +165,14 @@ services:
         aliases:
          - grouper-data
     ports:
-     - 3306:3306
+     - 45432:5432
     healthcheck:
-      test: curl -s 127.0.0.1:3306
+      test: /usr/bin/pg_isready
       interval: 30s
       timeout: 30s
       retries: 3
     volumes:
-     - grouper_data:/var/lib/mysql  
+     - grouper_data:/var/lib/pgsql/data/
 
   directory:
     build: ./directory/
@@ -248,7 +248,7 @@ services:
      - comanage_midpoint_data:/var/lib/postgresql/data
 
   data_init:
-    image: i2incommon/midpoint:4.6
+    image: i2incommon/midpoint:4.7.1
     command: >
         bash -c "
         chmod 777 /opt/mp-pw/ ;
@@ -620,6 +620,7 @@ secrets:
 
 volumes:
   grouper_data:
+  grouper_data_2:
   source_data:
   comanage_data:
   comanage_midpoint_data:

Workbench/grouper_daemon/Dockerfile

@@ -1,4 +1,6 @@
-FROM i2incommon/grouper:2.6.19
+FROM i2incommon/grouper:4.5.2
 
 LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>"
 
+RUN yum -y install netcat
+

Workbench/grouper_data/Dockerfile

@@ -1,42 +1,32 @@
-FROM i2incommon/grouper:2.6.19
+FROM i2incommon/grouper:4.5.2
 
 LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>"
 
 RUN yum install -y epel-release \
     && yum update -y \
-    && yum install -y mariadb-server mariadb \
+    && dnf module enable -y postgresql:12 \
+    && dnf install -y postgresql-server \
     && yum clean all \
     && rm -rf /var/cache/yum
 
 COPY container_files/conf/ /opt/grouper/grouperWebapp/WEB-INF/classes/
 COPY container_files/bootstrap/ /tmp/
-COPY container_files/mysql/createSQLuser.sql /
-
-RUN ln -s /usr/bin/resolveip /usr/libexec/resolveip
-
-RUN mysql_install_db \
-    && chown -R mysql:mysql /var/lib/mysql/ \
-    && sed -i 's/^\(bind-address\s.*\)/# \1/' /etc/my.cnf \
-    && sed -i 's/^\(log_error\s.*\)/# \1/' /etc/my.cnf \
-    && sed -i 's/\[mysqld\]/\[mysqld\]\ncharacter_set_server = utf8/' /etc/my.cnf \
-    && sed -i 's/\[mysqld\]/\[mysqld\]\ncollation_server = utf8_general_ci/' /etc/my.cnf \
-    && sed -i 's/\[mysqld\]/\[mysqld\]\nport = 3306/' /etc/my.cnf \
-    && cat  /etc/my.cnf \
-    && echo "/usr/bin/mysqld_safe &" > /tmp/config \
-    && echo "mysqladmin --silent --wait=30 ping || exit 1" >> /tmp/config \
-    && echo "mysql -e 'GRANT ALL PRIVILEGES ON *.* TO \"root\"@\"%\" WITH GRANT OPTION;'" >> /tmp/config \
-    && echo "mysql -e 'CREATE DATABASE grouper CHARACTER SET utf8 COLLATE utf8_bin;'" >> /tmp/config \
-    && echo "mysql < /createSQLuser.sql" >> /tmp/config \
-    && bash /tmp/config \
-    && rm -f /tmp/config
-
-RUN (mysqld_safe & ) \
-    && while ! curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to start; sleep 1; done; \
-    /opt/grouper/grouperWebapp/WEB-INF/bin/gsh.sh -registry -check -runscript -noprompt && \
-    /opt/grouper/grouperWebapp/WEB-INF/bin/gsh.sh /tmp/initialize.gsh && \
-    /opt/grouper/grouperWebapp/WEB-INF/bin/gsh.sh /tmp/set-prov.gsh
-
-EXPOSE 3306
-
-
-CMD mysqld_safe
+COPY container_files/sql/createSQLuser.sql /
+
+#setup DB
+RUN chown -R postgres:postgres /var/lib/pgsql/ 
+RUN echo "password" > /db-user-pwd.txt
+RUN sudo -u postgres initdb -D /var/lib/pgsql/data/ --username=postgres --pwfile=/db-user-pwd.txt
+
+#create grouper DB
+RUN sudo -u postgres pg_ctl start -D /var/lib/pgsql/data/ \
+    && psql -U postgres -f /createSQLuser.sql \
+    && /opt/grouper/grouperWebapp/WEB-INF/bin/gsh.sh -registry -check -runscript -noprompt \
+    && /opt/grouper/grouperWebapp/WEB-INF/bin/gsh.sh /tmp/initialize.gsh \
+    && /opt/grouper/grouperWebapp/WEB-INF/bin/gsh.sh /tmp/set-prov.gsh
+
+RUN echo "host    all             all             0.0.0.0/0            trust" >> /var/lib/pgsql/data/pg_hba.conf
+
+EXPOSE 5432
+
+CMD sudo -u postgres postgres -c listen_addresses='*' -D /var/lib/pgsql/data/

Workbench/grouper_data/container_files/conf/grouper.hibernate.properties

@@ -20,12 +20,12 @@
 # e.g. hsqldb (b):      jdbc:hsqldb:hsql://localhost:9001/grouper
 # e.g. postgres:        jdbc:postgresql://localhost:5432/database
 # e.g. mssql:           jdbc:sqlserver://localhost:3280;databaseName=grouper
-hibernate.connection.url = jdbc:mysql://localhost:3306/grouper?CharSet=utf8&useUnicode=true&characterEncoding=utf8
+hibernate.connection.url = jdbc:postgresql://localhost:5432/grouper
 
 hibernate.connection.username         = grouper
 # If you are using an empty password, depending upon your version of
 # Java and Ant you may need to specify a password of "".
 # Note: you can keep passwords external and encrypted: https://bugs.internet2.edu/jira/browse/GRP-122
 hibernate.connection.password = password
-registry.auto.ddl.upToVersion = 2.6.*
+registry.auto.ddl.upToVersion = 4.*.*
 

Workbench/grouper_data/container_files/sql/createSQLuser.sql

@@ -0,0 +1,4 @@
+CREATE USER grouper PASSWORD 'password';
+CREATE DATABASE grouper;
+GRANT ALL PRIVILEGES ON DATABASE grouper TO grouper;
+ALTER DATABASE grouper OWNER TO grouper;

Workbench/grouper_ui/Dockerfile

@@ -1,4 +1,4 @@
-FROM i2incommon/grouper:2.6.19
+FROM i2incommon/grouper:4.5.2
 
 LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>"
 
@@ -7,6 +7,7 @@ ENV CSPHOSTNAME=$CSPHOSTNAME
 ENV GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES='0.0.0.0/0'
 
 RUN yum -y update
+RUN yum -y install netcat
 
 COPY container_files/shibboleth/idp-metadata.xml /etc/shibboleth/
 

Workbench/grouper_ws/Dockerfile

@@ -1,7 +1,9 @@
-FROM i2incommon/grouper:2.6.19
+FROM i2incommon/grouper:4.5.2
 
 LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>"
 
+RUN yum -y install netcat
+
 COPY container_files/web.xml /opt/grouper/grouperWebapp/WEB-INF/
 COPY container_files/tomcat-users.xml /opt/tomee/conf/
 COPY container_files/server.xml /opt/tomee/conf/

Workbench/midpoint_server/Dockerfile

@@ -1,4 +1,4 @@
-FROM i2incommon/midpoint:4.6
+FROM i2incommon/midpoint:4.7.1
 
 ARG CSPHOSTNAME=localhost
 ENV CSPHOSTNAME=$CSPHOSTNAME

Workbench/webproxy/container_files/httpd/index.html

@@ -9,8 +9,8 @@ <h3>Welcome to the InCommon TAP Workbench!</h3>
 The system contains the following TAP components (click the links to access each component in its own tab):
 
 <ul>
-<li><a href="https://__CSPHOSTNAME__/grouper" target="TAP-WB-GROUPER">Grouper (2.6.19)</a></li>
-<li><a href="https://__CSPHOSTNAME__/midpoint" target="TAP-WB-MIDPOINT">midPoint (4.6)</a></li>
+<li><a href="https://__CSPHOSTNAME__/grouper" target="TAP-WB-GROUPER">Grouper (4.5.2)</a></li>
+<li><a href="https://__CSPHOSTNAME__/midpoint" target="TAP-WB-MIDPOINT">midPoint (4.7.1)</a></li>
 <ul><li><a href="https://__CSPHOSTNAME__/midPoint-doc.html" target="TAP-WB-MIDPOINT-CONFIG">Technical doc on midPoint's configuration</a></li></ul>
 <li><a href="https://__CSPHOSTNAME__/registry" target="TAP-WB-COMANAGE">COmanage Registry (4.1.0)</a></li>
 <li><a href="https://__CSPHOSTNAME__/idpui/" target="TAP-WB-IDPUI">Shibboleth IdP UI (1.18.0)</a></li>