Merge branch 'shibboleth-integration' of https://github.internet2.edu…

…/TIER/midPoint_container into shibboleth-integration
slavek · Sep 21, 2018 · b08b6f3 · b08b6f3
2 parents 09e3307 + 95756d4
commit b08b6f3
Show file tree

Hide file tree

Showing 12 changed files with 121 additions and 220 deletions.
diff --git a/grouper-midpoint/mp-gr/configs-and-secrets/shibboleth/shibboleth2.xml b/grouper-midpoint/mp-gr/configs-and-secrets/shibboleth/shibboleth2.xml
diff --git a/grouper-midpoint/mp-gr/configs-and-secrets/shibboleth/sp-cert.pem b/grouper-midpoint/mp-gr/configs-and-secrets/shibboleth/sp-cert.pem
diff --git a/grouper-midpoint/mp-gr/configs-and-secrets/shibboleth/sp-key.pem b/grouper-midpoint/mp-gr/configs-and-secrets/shibboleth/sp-key.pem
diff --git a/grouper-midpoint/mp-gr/midpoint-server/Dockerfile b/grouper-midpoint/mp-gr/midpoint-server/Dockerfile
@@ -9,33 +9,41 @@ MAINTAINER info@evolveum.com
 RUN rpm --import http://repos.azulsystems.com/RPM-GPG-KEY-azulsystems
 RUN curl -o /etc/yum.repos.d/zulu.repo http://repos.azulsystems.com/rhel/zulu.repo
 RUN yum -y update
-RUN yum -y install zulu-8
-
-RUN yum -y install supervisor
-COPY container_files/supervisor/supervisord.conf /etc/supervisord.conf
-
-RUN rm /etc/shibboleth/sp-key.pem /etc/shibboleth/sp-cert.pem /etc/httpd/conf.d/ssl.conf
-
+RUN yum -y install \
+ 	zulu-8 \
+        cron \
+        supervisor \
+	libcurl \
+	&& yum clean -y all
+
+RUN rm /etc/shibboleth/sp-key.pem /etc/shibboleth/sp-cert.pem \
+    && cd /etc/httpd/conf.d/ \
+    && rm -f autoindex.conf ssl.conf userdir.conf welcome.conf
+
+COPY container_files/supervisor/supervisord.conf /etc/supervisor/supervisord.conf
 COPY container_files/httpd/conf/* /etc/httpd/conf.d/
 COPY container_files/httpd/possible-conf/* /etc/httpd/possible-conf/
 COPY container_files/shibboleth/* /etc/shibboleth/
 COPY container_files/usr-local-bin/ /usr/local/bin/
 
+RUN mv /usr/local/bin/setenv.sh /opt/tier/setenv.sh \
+    && chmod 755 /opt/tier/setenv.sh
+
+RUN chmod 755 /usr/local/bin/sendtierbeacon.sh \
+    && chmod 755 /usr/local/bin/setupcron.sh \
+    && chmod 755 /usr/local/bin/init.sh \
+    && chmod 755 /usr/local/bin/library.sh \
+    && chmod 755 /usr/local/bin/startup.sh \
+    && /usr/local/bin/setupcron.sh
+
 RUN cp /dev/null /etc/httpd/conf.d/ssl.conf \
     && sed -i 's/LogFormat "/LogFormat "httpd;access_log;%{ENV}e;%{USERTOKEN}e;/g' /etc/httpd/conf/httpd.conf \
     && echo -e "\nErrorLogFormat \"httpd;error_log;%{ENV}e;%{USERTOKEN}e;[%{u}t] [%-m:%l] [pid %P:tid %T] %7F: %E: [client\ %a] %M% ,\ referer\ %{Referer}i\"" >> /etc/httpd/conf/httpd.conf \
-    && sed -i 's/CustomLog "logs\/access_log"/CustomLog "\/dev\/fd\/1"/g' /etc/httpd/conf/httpd.conf \
-    && sed -i 's/ErrorLog "logs\/error_log"/ErrorLog "\/dev\/fd\/1"/g' /etc/httpd/conf/httpd.conf \
+    && sed -i 's/CustomLog "logs\/access_log"/CustomLog "\/tmp\/loghttpd"/g' /etc/httpd/conf/httpd.conf \
+    && sed -i 's/ErrorLog "logs\/error_log"/ErrorLog "\/tmp\/loghttpd"/g' /etc/httpd/conf/httpd.conf \
     && echo -e "\nPassEnv ENV" >> /etc/httpd/conf/httpd.conf \
     && echo -e "\nPassEnv USERTOKEN" >> /etc/httpd/conf/httpd.conf
 
-
-
-
-# TODO switch to other appropriate Java implementation
-
-
-
 ARG MP_VERSION=3.9-SNAPSHOT
 ARG MP_DIST_FILE=midpoint-${MP_VERSION}-dist.tar.gz
 
@@ -65,4 +73,8 @@ ENV AJP_ENABLED true
 ENV AJP_PORT 9090
 ENV LOGOUT_URL https://localhost:4438/Shibboleth.sso/Logout
 
-CMD ["/usr/bin/supervisord"]
+ENV TIER_RELEASE=test-non-release
+ENV TIER_MAINTAINER=tier
+
+#CMD ["/usr/bin/supervisord"]
+CMD ["/usr/local/bin/startup.sh"]
diff --git a/grouper-midpoint/mp-gr/midpoint-server/container_files/shibboleth/native.logger b/grouper-midpoint/mp-gr/midpoint-server/container_files/shibboleth/native.logger
@@ -28,12 +28,12 @@ log4j.category.XMLTooling.libcurl=INFO
 # define the appender
 
 log4j.appender.native_log=org.apache.log4j.FileAppender
-log4j.appender.native_log.fileName=/dev/fd/6
+log4j.appender.native_log.fileName=/tmp/logshib
 log4j.appender.native_log.layout=org.apache.log4j.PatternLayout
 log4j.appender.native_log.layout.ConversionPattern=shibd;native.log;${ENV};${USERTOKEN};%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
 
 log4j.appender.warn_log=org.apache.log4j.FileAppender
-log4j.appender.warn_log.fileName=/dev/fd/7
+log4j.appender.warn_log.fileName=/tmp/logshib
 log4j.appender.warn_log.layout=org.apache.log4j.PatternLayout
 log4j.appender.warn_log.layout.ConversionPattern=shibd;native_warn.log;${ENV};${USERTOKEN};%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
 log4j.appender.warn_log.threshold=WARN
diff --git a/grouper-midpoint/mp-gr/midpoint-server/container_files/shibboleth/shibd.logger b/grouper-midpoint/mp-gr/midpoint-server/container_files/shibboleth/shibd.logger
@@ -42,18 +42,18 @@ log4j.additivity.Shibboleth-TRANSACTION=false
 # define the appenders
 
 log4j.appender.shibd_log=org.apache.log4j.FileAppender
-log4j.appender.shibd_log.fileName=/dev/fd/3
+log4j.appender.shibd_log.fileName=/tmp/logshib
 log4j.appender.shibd_log.maxFileSize=0
 log4j.appender.shibd_log.layout=org.apache.log4j.PatternLayout
 log4j.appender.shibd_log.layout.ConversionPattern=shibd;shibd.log;${ENV};${USERTOKEN};%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
 
 log4j.appender.tran_log=org.apache.log4j.FileAppender
-log4j.appender.tran_log.fileName=/dev/fd/4
+log4j.appender.tran_log.fileName=/tmp/logshib
 log4j.appender.tran_log.maxFileSize=0
 log4j.appender.tran_log.layout=org.apache.log4j.PatternLayout
 log4j.appender.tran_log.layout.ConversionPattern=shibd;transaction.log;${ENV};${USERTOKEN};%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
 
 log4j.appender.sig_log=org.apache.log4j.FileAppender
-log4j.appender.sig_log.fileName=/dev/fd/5
+log4j.appender.sig_log.fileName=/tmp/logshib
 log4j.appender.sig_log.layout=org.apache.log4j.PatternLayout
 log4j.appender.sig_log.layout.ConversionPattern=shibd;signature.log;${ENV};${USERTOKEN};%m
diff --git a/grouper-midpoint/mp-gr/midpoint-server/container_files/supervisor/supervisord.conf b/grouper-midpoint/mp-gr/midpoint-server/container_files/supervisor/supervisord.conf
@@ -1,16 +1,15 @@
 [supervisord]
+logfile=/tmp/logsuperd
+logfile_maxbytes=0
+loglevel=error
 nodaemon=true
+user=root
 
-[program:init]
-command=/usr/local/bin/init.sh
-autostart=true
-
-[program:httpd-shib]
-command=httpd-shib-foreground
-stdout_logfile=/dev/fd/1
+[program:init-httpd-shib]
+command=/bin/bash -c "/usr/local/bin/init.sh && httpd-shib-foreground"
+stdout_logfile=/tmp/loghttpd
 stdout_logfile_maxbytes=0
 redirect_stderr=true
-autostart=true
 
 [program:midpoint]
 command=/bin/bash -c "java -Xmx2048M -Xms2048M -Dfile.encoding=UTF8 \
@@ -22,14 +21,21 @@ command=/bin/bash -c "java -Xmx2048M -Xms2048M -Dfile.encoding=UTF8 \
        -Dmidpoint.repository.hibernateHbm2ddl=none \
        -Dmidpoint.repository.missingSchemaAction=create \
        -Dmidpoint.repository.initializationFailTimeout=60000 \
-       -Dmidpoint.logging.console.enabled=true -Dmidpoint.logging.console.prefix='midpoint;midpoint.log;$ENV;$USERTOKEN;' -Dmidpoint.logging.console.timezone=UTC \
+       -Dmidpoint.logging.console.enabled=true -Dmidpoint.logging.console.prefix='midpoint;midpoint.log;${ENV};${USERTOKEN};' -Dmidpoint.logging.console.timezone=UTC \
        -Dspring.profiles.active=$ACTIVE_PROFILE \
        -Dauth.sso.header=$SSO_HEADER \
        -Dauth.logout.url=$LOGOUT_URL \
        -Dserver.tomcat.ajp.enabled=$AJP_ENABLED \
        -Dserver.tomcat.ajp.port=$AJP_PORT \
-       -jar $MP_DIR/lib/midpoint.war"
+       -jar $MP_DIR/lib/midpoint.war
+       -Dlogging.path=/tmp/logtomcat"
 stdout_logfile=/dev/fd/2
 stdout_logfile_maxbytes=0
 redirect_stderr=true
-autostart=true
+
+[program:tier-beacon]
+command=/usr/sbin/crond -i -m off
+stdout_logfile=/tmp/logcrond
+stdout_logfile_maxbytes=0
+redirect_stderr=true
+autorestart=false
diff --git a/grouper-midpoint/mp-gr/midpoint-server/container_files/usr-local-bin/library.sh b/grouper-midpoint/mp-gr/midpoint-server/container_files/usr-local-bin/library.sh
@@ -5,17 +5,17 @@ linkSecrets(){
     	local label_file=`basename $filepath`
     	local file=$(echo $label_file| cut -d'_' -f 2)
 
-    	if [ $label_file = shib_* ]; then
+    	if [[ $label_file == shib_* ]]; then
             ln -sf /run/secrets/$label_file /etc/shibboleth/$file
-    	elif [ "$label_file" = "host-key.pem" ]; then
+    	elif [ "$label_file" == "host-key.pem" ]; then
             ln -sf /run/secrets/host-key.pem /etc/pki/tls/private/host-key.pem
     	fi
      done
 }
 
 
 checkMidpointSecurityProfile(){
-     if [ $ACTIVE_PROFILE = *'sso'* ]; then
+     if [[ $ACTIVE_PROFILE = *'sso'* ]]; then
 	cp /etc/httpd/possible-conf/midpoint-www-with-shibboleth-sso.conf /etc/httpd/conf.d/midpoint-www.conf
      else
         cp /etc/httpd/possible-conf/midpoint-www-without-shibboleth-sso.conf /etc/httpd/conf.d/midpoint-www.conf

diff --git a/grouper-midpoint/mp-gr/midpoint-server/container_files/usr-local-bin/sendtierbeacon.sh b/grouper-midpoint/mp-gr/midpoint-server/container_files/usr-local-bin/sendtierbeacon.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+LOGHOST="localhost"
+LOGPORT="80"
+
+if [ -s /opt/tier/env.bash ]; then
+  . /opt/tier/env.bash
+fi
+
+messagefile="/tmp/beaconmsg"
+
+if [ -z "$TIER_BEACON_OPT_OUT" ]; then
+    cat > $messagefile <<EOF
+{
+    "msgType"          : "TIERBEACON",
+    "msgName"          : "TIER",
+    "msgVersion"       : "1.0",
+    "tbProduct"        : "MIDPOINT",
+    "tbProductVersion" : "$MP_VERSION",
+    "tbTIERRelease"    : "$TIER_RELEASE",
+    "tbMaintainer"     : "$TIER_MAINTAINER"
+}
+EOF
+
+    curl -s -XPOST "${LOGHOST}:${LOGPORT}/" -H 'Content-Type: application/json' -T $messagefile 1>/dev/null 2>&1
+    if [ $? -eq 0 ]; then
+        echo "tier_beacon;none;$ENV;$USERTOKEN;"`date`"; TIER beacon sent"
+    else
+        echo "tier_beacon;none;$ENV;$USERTOKEN;"`date`"; Failed to send TIER beacon"
+    fi
+
+    rm -f $messagefile 1>/dev/null 2>&1
+
+fi