diff --git a/comanage-registry-base/comanage_utils.sh b/comanage-registry-base/comanage_utils.sh index a7d48f1..eb82dfc 100644 --- a/comanage-registry-base/comanage_utils.sh +++ b/comanage-registry-base/comanage_utils.sh @@ -87,6 +87,7 @@ function comanage_utils::consume_injected_environment() { COMANAGE_REGISTRY_ADMIN_GIVEN_NAME COMANAGE_REGISTRY_ADMIN_FAMILY_NAME COMANAGE_REGISTRY_ADMIN_USERNAME + COMANAGE_REGISTRY_CRONTAB COMANAGE_REGISTRY_DATASOURCE COMANAGE_REGISTRY_DATABASE COMANAGE_REGISTRY_DATABASE_HOST @@ -127,6 +128,33 @@ function comanage_utils::consume_injected_environment() { echo "Done examining environment variables" > "$OUTPUT" } +########################################## +# Deploy crontab file +# Globals: +# COMANAGE_REGISTRY_DIR +# COMANAGE_REGISTRY_CRONTAB +# OUTPUT +# Arguments: +# None +# Returns: +# None +########################################## +function comanage_utils::deploy_crontab() { + + local crontab + + if [[ -n "$COMANAGE_REGISTRY_CRONTAB" ]]; then + crontab="$COMANAGE_REGISTRY_CRONTAB" + else + crontab="$COMANAGE_REGISTRY_DIR/local/crontab" + fi + + if [[ -f "$crontab" ]]; then + echo "Deploying crontab $crontab..." > "$OUTPUT" 2>&1 + /usr/bin/crontab -u www-data $crontab > "$OUTPUT" 2>&1 + fi +} + ########################################## # Enable non-core plugins # Globals: @@ -206,6 +234,38 @@ function comanage_utils::exec_apache_http_server() { exec "$@" } +########################################## +# Exec to start and become cron +# Globals: +# None +# Arguments: +# Command and arguments to exec +# Returns: +# Does not return +########################################## +function comanage_utils::exec_cron() { + + comanage_utils::consume_injected_environment + + comanage_utils::configure_console_logging + + comanage_utils::prepare_local_directory + + comanage_utils::prepare_database_config + + comanage_utils::wait_database_connectivity + + comanage_utils::registry_clear_cache + + comanage_utils::tmp_ownership + + comanage_utils::deploy_crontab + + comanage_utils::start_syslogd + + exec "$@" +} + ########################################## # Manage TIER environment variables # Globals: @@ -623,6 +683,21 @@ function comanage_utils::registry_upgrade() { comanage_utils::registry_clear_cache } +########################################## +# Start syslogd from busybox for use with cron +# Globals: +# None +# Arguments: +# None +# Returns: +# None +########################################## +function comanage_utils::start_syslogd() { + + /sbin/syslogd -O /proc/1/fd/1 -S + +} + ########################################## # Set tmp directory file ownership # Globals: diff --git a/comanage-registry-cron/.dockerignore b/comanage-registry-cron/.dockerignore new file mode 100644 index 0000000..b43bf86 --- /dev/null +++ b/comanage-registry-cron/.dockerignore @@ -0,0 +1 @@ +README.md diff --git a/comanage-registry-cron/Dockerfile b/comanage-registry-cron/Dockerfile new file mode 100644 index 0000000..2b1ec62 --- /dev/null +++ b/comanage-registry-cron/Dockerfile @@ -0,0 +1,40 @@ +# COmanage Registry Dockerfile template +# +# Portions licensed to the University Corporation for Advanced Internet +# Development, Inc. ("UCAID") under one or more contributor license agreements. +# See the NOTICE file distributed with this work for additional information +# regarding copyright ownership. +# +# UCAID licenses this file to you under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with the +# License. You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +ARG COMANAGE_REGISTRY_VERSION=develop +ARG COMANAGE_REGISTRY_BASE_IMAGE_VERSION=1 + +FROM comanage-registry-base:${COMANAGE_REGISTRY_VERSION}-${COMANAGE_REGISTRY_BASE_IMAGE_VERSION} + +RUN apt-get update \ + && apt-get install -y --no-install-recommends \ + busybox-syslogd \ + cron + +COPY --chown=root:root root-crontab /etc/crontab +COPY --chown=root:root www-data-crontab /srv/comanage-registry/local/crontab + +RUN /usr/bin/crontab -u www-data /srv/comanage-registry/local/crontab \ + && /usr/sbin/usermod --shell /bin/bash www-data \ + && touch /etc/default/locale + +COPY docker-comanage-cron-entrypoint /usr/local/bin/ + +ENTRYPOINT ["docker-comanage-cron-entrypoint"] + +CMD ["/usr/sbin/cron", "-f", "-L", "15"] diff --git a/comanage-registry-cron/README.md b/comanage-registry-cron/README.md new file mode 100644 index 0000000..64e323a --- /dev/null +++ b/comanage-registry-cron/README.md @@ -0,0 +1,158 @@ + + +# COmanage Registry Cron + +Intended to build a COmanage Registry image that uses cron to execute +COmanage Registry [JobShell](https://spaces.at.internet2.edu/x/m4MQBg) jobs. +(See also [Registry Installation - Cron](https://spaces.at.internet2.edu/x/voD4Ag)). + +## Build Arguments + +Building the image requires the following build arguments: + +``` +--build-arg COMANAGE_REGISTRY_VERSION= +--build-arg COMANAGE_REGISTRY_BASE_IMAGE_VERSION= +``` + +## Build Requirements + +This image uses a [multi-stage build](https://docs.docker.com/develop/develop-images/multistage-build/). +It requires that the [COmanage Registry base image](../comanage-registry-base/README.md) +be built first. + +## Building + +``` +docker build \ + --build-arg COMANAGE_REGISTRY_VERSION= \ + --build-arg COMANAGE_REGISTRY_BASE_IMAGE_VERSION= \ + -t comanage-registry-cron: . +``` + +## Building Example + +``` +export COMANAGE_REGISTRY_VERSION=3.3.0 +export COMANAGE_REGISTRY_BASE_IMAGE_VERSION=1 +export COMANAGE_REGISTRY_CRON_IMAGE_VERSION=1 +TAG="${COMANAGE_REGISTRY_VERSION}-${COMANAGE_REGISTRY_CRON_IMAGE_VERSION}" + +docker build \ + --build-arg COMANAGE_REGISTRY_VERSION=${COMANAGE_REGISTRY_VERSION} \ + --build-arg COMANAGE_REGISTRY_BASE_IMAGE_VERSION=${COMANAGE_REGISTRY_BASE_IMAGE_VERSION} \ + -t comanage-registry-cron:$TAG . +``` + +## Volumes and Data Persistence + +This image does not require data persistence using volumes, but it is often convenient +to use the same volume for this image as is used for COmanage Registry so that the +JobShell code easily uses the same database configuration used for COmanage Registry. +See [COmanage Registry Volumes and Data Persistence](../docs/volumes-and-data-persistence.md). + +If you do not use the same volume that is used with COmanage Registry you need +to inject the necessary environment variables so that the container can create +the database configuration file dynamically. See the next section for details. + +## Environment Variables + +See the [list of environment variables common to all images](../docs/comanage-registry-common-environment-variables.md) +including this image. Since this image does not run a webserver many of the environment variables will +be ignored by containers instantiated from this image. + +If you do not use the same volume that is used with COmanage Registry be sure +to set the environment variables + +* `COMANAGE_REGISTRY_DATASOURCE` +* `COMANAGE_REGISTRY_DATABASE` +* `COMANAGE_REGISTRY_DATABASE_HOST` +* `COMANAGE_REGISTRY_DATABASE_USER` +* `COMANAGE_REGISTRY_DATABASE_USER_PASSWORD` + +See also the next section for details on how to specify the location of +the crontab file. + +## Crontab File + +When the container starts it will install a crontab file that is used by +cron to execute COmanage Registry COmanage Registry [JobShell](https://spaces.at.internet2.edu/x/m4MQBg) jobs. +The container will look for a crontab file at + +``` +/srv/comanage-registry/local/crontab +``` +by default. If you are using the same volume as for COmanage Registry then you only +need to add the desired crontab file to that volume. Alternatively you may provide +a unique volume and add the crontab file to it (also be sure to inject the necessary +environment variables so that the container can connect to the database--see above). + +You may also specify the location of the crontab file to install using the +environment variable + +``` +COMANAGE_REGISTRY_CRONTAB +``` + +If no crontab file is found the container uses this default crontab file: + +``` +SHELL=/bin/bash +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin +MAILTO="" +# Deprecated job to run expirations, syncorgsources, and groupvalidity tasks (until Registry v4.0.0) +0 1 * * * cd /srv/comanage-registry/app && ./Console/cake job -q +# Run the job queue for CO 1 every 5 minutes starting at minute 0 +0-59/5 * * * * cd /srv/comanage-registry/app && ./Console/cake job -q -r -c 1 +``` + +## Authentication + +The image does not run a webserver and does not require authentication. + +## Ports + +The image does not run a webserver and does not listen on any ports. + +## Running + +See other documentation in this repository for details on how to orchestrate +running this image with other images using an orchestration tool like +Docker Compose, Docker Swarm, or Kubernetes. + +**Note that only one container instantiated from this image should run at +any given time. There is currently no cross-process locking for COmanage +Registry JobShell jobs.** + +To run this image: + +``` +docker run -d \ + --name comanage-registry-cron \ + -v /opt/comanage-registry-local:/srv/comanage-registry/local \ + comanage-registry-cron:3.3.0-1 +``` + +## Logging + +The cron process logs to the stdout and stderr of the container. + diff --git a/comanage-registry-cron/docker-comanage-cron-entrypoint b/comanage-registry-cron/docker-comanage-cron-entrypoint new file mode 100755 index 0000000..3fb7594 --- /dev/null +++ b/comanage-registry-cron/docker-comanage-cron-entrypoint @@ -0,0 +1,24 @@ +#!/bin/bash + +# COmanage Registry Dockerfile entrypoint +# +# Portions licensed to the University Corporation for Advanced Internet +# Development, Inc. ("UCAID") under one or more contributor license agreements. +# See the NOTICE file distributed with this work for additional information +# regarding copyright ownership. +# +# UCAID licenses this file to you under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with the +# License. You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +source /usr/local/lib/comanage_utils.sh + +comanage_utils::exec_cron "$@" diff --git a/comanage-registry-cron/root-crontab b/comanage-registry-cron/root-crontab new file mode 100644 index 0000000..93dbebb --- /dev/null +++ b/comanage-registry-cron/root-crontab @@ -0,0 +1,3 @@ +SHELL=/bin/sh +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin +MAILTO="" diff --git a/comanage-registry-cron/www-data-crontab b/comanage-registry-cron/www-data-crontab new file mode 100644 index 0000000..df30457 --- /dev/null +++ b/comanage-registry-cron/www-data-crontab @@ -0,0 +1,7 @@ +SHELL=/bin/bash +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin +MAILTO="" +# Deprecated job to run expirations, syncorgsources, and groupvalidity tasks (until Registry v4.0.0) +0 1 * * * cd /srv/comanage-registry/app && ./Console/cake job -q +# Run the job queue for CO 1 every 5 minutes starting at minute 0 +0-59/5 * * * * cd /srv/comanage-registry/app && ./Console/cake job -q -r -c 1