Commit 33b77769 authored by Marco Malavolti's avatar Marco Malavolti

Docker implementation update

parent 3f0f3d11
...@@ -2,48 +2,61 @@ FROM debian:12 ...@@ -2,48 +2,61 @@ FROM debian:12
LABEL Authors="Marco Malavolti <marco.malavolti@garr.it>" LABEL Authors="Marco Malavolti <marco.malavolti@garr.it>"
USER root USER root
ENV DEBIAN_FRONTEND=noninteractive
ENV ECCS_VERSION=2.1.0 ENV ECCS_VERSION=2.1.0
ENV XMLSECTOOL_VERSION=3.0.0 ENV XMLSECTOOL_VERSION=3.0.0
ENV JAVA_HOME=/usr/lib/jvm/java-11-amazon-corretto ENV AMAZON_JDK_KEY=https://corretto.aws/downloads/resources/11.0.6.10.1/B04F24E3.pub
COPY --from=hairyhenderson/gomplate:v3.11.5 /gomplate /bin/gomplate COPY --from=hairyhenderson/gomplate:v3.11.5 /gomplate /bin/gomplate
RUN apt-get update \ RUN apt-get update \
&& apt-get install --no-install-recommends -y apt-utils vim git bash-completion ca-certificates curl unzip uwsgi cron gpg gpg-agent \ && apt-get install --no-install-recommends -y apt-utils vim git bash-completion \
python3 python3-pip python3-click python3-flask python3-flask-restful python3-requests python3-selenium python3-urllib3 \ ca-certificates curl unzip uwsgi cron gpg gpg-agent libxml2-utils supervisor \
#&& cp /etc/apt/sources.list /etc/apt/sources.list.d/sources-src.list \ python3 python3-pip python3-click python3-flask python3-flask-restful \
python3-requests python3-selenium python3-urllib3 apache2 \
libpcre3 libpcre3-dev libapache2-mod-proxy-uwsgi build-essential python3-dev \
&& sed -i -e 's/"syntax on/syntax on/g' /etc/vim/vimrc \ && sed -i -e 's/"syntax on/syntax on/g' /etc/vim/vimrc \
&& printf "\nif [ -f /etc/bash_completion ]; then\n . /etc/bash_completion\nfi" >> /etc/profile && printf "\nif [ -f /etc/bash_completion ]; then\n . /etc/bash_completion\nfi" >> /etc/profile
COPY supervisord.conf /etc/supervisor/conf.d/
# Get ECCS # Get ECCS
WORKDIR /root WORKDIR /root
RUN curl "https://gitlab.software.geant.org/edugain/eccs/-/archive/v$ECCS_VERSION/eccs-v$ECCS_VERSION.tar.gz" --output eccs-v$ECCS_VERSION.tar.gz RUN curl "https://gitlab.software.geant.org/edugain/eccs/-/archive/v$ECCS_VERSION/eccs-v$ECCS_VERSION.tar.gz" --output eccs-v$ECCS_VERSION.tar.gz \
RUN tar xzf eccs-v$ECCS_VERSION.tar.gz && rm eccs-v$ECCS_VERSION.tar.gz && tar xzf eccs-v$ECCS_VERSION.tar.gz && rm eccs-v$ECCS_VERSION.tar.gz \
RUN mv eccs-v$ECCS_VERSION eccs && mv eccs-v$ECCS_VERSION eccs
# Get Google Chrome & Google Chrome Driver # Get Google Chrome & Google Chrome Driver
WORKDIR eccs WORKDIR eccs
RUN curl "https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb" --output google-chrome-stable_current_amd64.deb RUN curl "https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb" --output google-chrome-stable_current_amd64.deb \
RUN apt install -y ./google-chrome-stable_current_amd64.deb --no-install-recommends && apt install -y ./google-chrome-stable_current_amd64.deb --no-install-recommends \
RUN curl "https://edgedl.me.gvt1.com/edgedl/chrome/chrome-for-testing/115.0.5790.110/linux64/chromedriver-linux64.zip" --output chromedriver_linux64.zip && curl "https://edgedl.me.gvt1.com/edgedl/chrome/chrome-for-testing/115.0.5790.110/linux64/chromedriver-linux64.zip" --output chromedriver_linux64.zip \
RUN unzip chromedriver_linux64.zip && unzip chromedriver_linux64.zip \
RUN rm chromedriver_linux64.zip google-chrome-stable_current_amd64.deb && rm chromedriver_linux64.zip google-chrome-stable_current_amd64.deb \
RUN cd /root && mv chromedriver-linux64/chromedriver . \
&& rm -rf chromedriver-linux64
# Get XMLSecTool
RUN wget "https://corretto.aws/downloads/resources/11.0.6.10.1/B04F24E3.pub" -O /tmp/amazon-corretto.pub \ # Get XMLSecTool & Amazon Corretto 11 JDK
RUN wget $AMAZON_JDK_KEY -O /tmp/amazon-corretto.pub \
&& gpg --no-default-keyring --keyring /tmp/temp-keyring.gpg --import /tmp/amazon-corretto.pub \ && gpg --no-default-keyring --keyring /tmp/temp-keyring.gpg --import /tmp/amazon-corretto.pub \
&& gpg --no-default-keyring --keyring /tmp/temp-keyring.gpg --export --output /etc/apt/keyrings/amazon-corretto.gpg \ && gpg --no-default-keyring --keyring /tmp/temp-keyring.gpg --export --output /etc/apt/keyrings/amazon-corretto.gpg \
&& rm /tmp/temp-keyring.gpg && rm /tmp/temp-keyring.gpg
COPY amazon-corretto.list /etc/apt/sources.list.d/amazon-corretto.list COPY amazon-corretto.list /etc/apt/sources.list.d/amazon-corretto.list
RUN apt-get update && apt-get install -y java-11-amazon-corretto-jdk RUN apt-get update && apt-get install -y java-11-amazon-corretto-jdk \
&& curl "https://shibboleth.net/downloads/tools/xmlsectool/$XMLSECTOOL_VERSION/xmlsectool-$XMLSECTOOL_VERSION-bin.zip" --output xmlsectool-$XMLSECTOOL_VERSION-bin.zip \
RUN curl "https://shibboleth.net/downloads/tools/xmlsectool/$XMLSECTOOL_VERSION/xmlsectool-$XMLSECTOOL_VERSION-bin.zip" --output xmlsectool-$XMLSECTOOL_VERSION-bin.zip && unzip xmlsectool-$XMLSECTOOL_VERSION-bin.zip \
RUN unzip xmlsectool-$XMLSECTOOL_VERSION-bin.zip && rm xmlsectool-$XMLSECTOOL_VERSION-bin.zip \
&& curl "https://mdx.idem.garr.it/idem-mdx-service-crt.pem" --output idem-mdx-service-crt.pem
COPY get-sps-metadata.sh get-sps-metadata.sh
COPY eccs_properties.py.template eccs_properties.py COPY eccs_properties.py.template eccs_properties.py
COPY eccs-sps-md-cron /etc/cron.d/eccs_get_sps_metadata
# Install ECCS API
COPY eccs.ini eccs.ini
COPY eccs.service eccs.service
COPY eccs.service /etc/systemd/system/eccs.service
EXPOSE 80 EXPOSE 80
EXPOSE 443 EXPOSE 443
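Review bot: The certificate fetched by the new `curl "https://mdx.idem.garr.it/idem-mdx-service-crt.pem"` step becomes the trust anchor for the `--verifySignature` calls in get-sps-metadata.sh, yet nothing pins it, so whatever the server returns at build time is trusted. Either `COPY` a reviewed copy from the repository or check it after download, for example `echo "<EXPECTED_SHA256>  idem-mdx-service-crt.pem" | sha256sum -c -`. The same gap applies to the ECCS tarball, the chromedriver zip, the xmlsectool zip and the Corretto key imported from `$AMAZON_JDK_KEY`, none of which is compared with a known digest or fingerprint; adding `-fsSL` to the `curl` calls would also make an HTTP error fail the build instead of saving an error page. The Dockerfile continues past the visible hunk, so later steps are not covered here.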
......
...@@ -26,6 +26,43 @@ Setup dev environment ...@@ -26,6 +26,43 @@ Setup dev environment
* ``git clone git@gitlab.software.geant.org:edugain/eccs.git $HOME/eccs`` * ``git clone git@gitlab.software.geant.org:edugain/eccs.git $HOME/eccs``
#. Create the `.env` file:
* ``cd $HOME/eccs``
* ``cp dot-env-template .env``
Start dev environment
---------------------
* ``cd $HOME/eccs``
* ``bash setup-eccs-dev.sh``
Open a terminal on the container docker
---------------------------------------
``docker exec -it -u root eccs bash``
[`Indice`_]
Container Registry Authentication
---------------------------------
``docker login gitlab.software.geant.org:5050``
Build a new docker container image
----------------------------------
``docker build -t gitlab.software.geant.org:5050/edugain/eccs -f Dockerfile .``
Load a container image to the Container Registry
------------------------------------------------
``docker push gitlab.software.geant.org:5050/edugain/eccs:MAJOR.MINOR.PATCH``
We'll respect `Semantic Versioning`_.
Authors Authors
------- -------
...@@ -35,5 +72,6 @@ Authors ...@@ -35,5 +72,6 @@ Authors
.. _post-installation: https://docs.docker.com/engine/install/linux-postinstall/ .. _post-installation: https://docs.docker.com/engine/install/linux-postinstall/
.. _Docker: https://docs.docker.com/engine/install/ .. _Docker: https://docs.docker.com/engine/install/
.. _Semantic Versioning: https://semver.org
.. _Marco Malavolti: mailto:marco.malavolti@garr.it .. _Marco Malavolti: mailto:marco.malavolti@garr.it
.. _Valentin Pocotilenco: mailto:valentin.pocotilenco@renam.md .. _Valentin Pocotilenco: mailto:valentin.pocotilenco@renam.md
...@@ -4,7 +4,7 @@ ...@@ -4,7 +4,7 @@
BASEDIR=$HOME BASEDIR=$HOME
source $HOME/.bash_profile #source $HOME/.bash_profile
# Remove old IdP and Fed List # Remove old IdP and Fed List
rm -f $BASEDIR/eccs/input/*.json rm -f $BASEDIR/eccs/input/*.json
......
version: '3.9'
services:
eccs:
image: gitlab.software.geant.org:5050/edugain/eccs:dev
build:
context: .
dockerfile: Dockerfile-dev
container_name: eccs
hostname: eccs
env_file:
- .env
ports:
- 80:80
- 443:443
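Review bot: `80:80` and `443:443` publish the development container on every host interface. Since setup-eccs-dev.sh reaches the container through its bridge address in `/etc/hosts`, the mappings could be dropped or limited to loopback with `127.0.0.1:80:80` and `127.0.0.1:443:443`. A leading comment stating that this compose file is for development only would also help.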
DEBIAN_FRONTEND=noninteractive
ECCS_VERSION=2.1.0
XMLSECTOOL_VERSION=3.0.0
JAVA_HOME=/usr/lib/jvm/java-11-amazon-corretto
0 3 * * * /bin/bash $HOME/eccs/get-sps-metadata.sh
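Review bot: This entry has no user field, but the Dockerfile copies the file to `/etc/cron.d/eccs_get_sps_metadata`, where each line needs one between the schedule and the command; without it cron is likely to reject the line or read `/bin/bash` as the user. The script it runs uses relative paths such as `input/sp_md_1.xml`, so the job should also change directory first, for example `0 3 * * * root cd /root/eccs && /bin/bash get-sps-metadata.sh`. `$HOME` depends on cron's environment, so an absolute path is the safer choice.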
#!/bin/bash
sp_md_1="input/sp_md_1.xml"
sp_md_2="input/sp_md_2.xml"
output_file="input/sps-metadata.xml"
# Download SPs metadata only if they are changes since last download
curl -z $sp_md_1 -o $sp_md_1 "https://mdx.idem.garr.it/edugain/entities/https:%2F%2Fattribute-viewer.aai.switch.ch%2Finterfederation-test%2Fshibboleth"
curl -z $sp_md_2 -o $sp_md_2 "https://mdx.idem.garr.it/edugain/entities/https:%2F%2Fsp-demo.idem.garr.it%2Fshibboleth"
# Check the existance of the metadata files
if [ ! -f "$sp_md_1" ] || [ ! -f "$sp_md_2" ]; then
echo "Error: both files have to exist."
exit 1
fi
sp_md_1_is_valid=$(bash xmlsectool-3.0.0/xmlsectool.sh --verifySignature --certificate idem-mdx-service-crt.pem --inFile input/sp_md_1.xml | grep "XML document signature verified." | wc -l)
sp_md_2_is_valid=$(bash xmlsectool-3.0.0/xmlsectool.sh --verifySignature --certificate idem-mdx-service-crt.pem --inFile input/sp_md_2.xml | grep "XML document signature verified." | wc -l)
# Check the validity of both SP metadata files
if [ $sp_md_1_is_valid -eq 0 ] || [ $sp_md_1_is_valid -eq 0 ]; then
echo "Error: at least one of SP metadata file has an invalid signature."
exit 1
fi
# Remove XML declaration from both SP Metadata files
sed -i '1d' "$sp_md_1"
sed -i '1d' "$sp_md_2"
header='<?xml version="1.0" encoding="UTF-8"?>
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">'
footer='</md:EntitiesDescriptor>'
# Generation the sps-metadata.xml
echo "$header" > "$output_file"
cat "$sp_md_1" >> "$output_file"
cat "$sp_md_2" >> "$output_file"
echo "$footer" >> "$output_file"
xmllint --format "$output_file" > "$output_file.tmp" && mv "$output_file.tmp" "$output_file"
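Review bot: The validity check tests `sp_md_1_is_valid` twice, so a failed signature on the second metadata file is never detected and the file is still merged into `input/sps-metadata.xml`; the condition should read `if [ "$sp_md_1_is_valid" -eq 0 ] || [ "$sp_md_2_is_valid" -eq 0 ]; then`. Both `curl -o` calls also overwrite the live files before verification, so downloading to a temporary name and moving it into place only after xmlsectool succeeds would keep an unverified file out of `input/`. The `sed -i '1d'` edits the downloaded files in place, and on a run where `curl -z` skips the download it presumably strips a second line, which is worth confirming. The `xmlsectool-3.0.0` path is hard-coded although the Dockerfile installs the tool under `$XMLSECTOOL_VERSION`.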
#!/bin/bash
function modify_hosts_file() {
local action="$1"
local domain_name="$2"
local ip_address="$3"
local hosts_path="/etc/hosts"
if [[ "$action" == "add" ]]; then
if sudo grep -q "$ip_address $domain_name" "$hosts_path"; then
return 0
fi
echo -ne "\n$ip_address\t$domain_name" | sudo tee -a "$hosts_path" >/dev/null
#echo "\nAdded $ip_address $domain_name to /etc/hosts file"
elif [[ "$action" == "remove" ]]; then
if ! sudo grep -q "$domain_name" "$hosts_path"; then
return 0
fi
sudo sed -i "/$domain_name/d" "$hosts_path"
#echo "\nRemoved line containing $domain_name from /etc/hosts file"
else
echo "Utilizzo: modify_hosts_file [add|remove] <dominio> [<indirizzo IP>]"
return 1
fi
}
echo "Stop and remove all"
docker compose down
#echo "Stop any local Apache2 Web Server started"
#sudo systemctl stop apache2.service
echo "Remove old container image to be able to create it from scratch"
docker rmi gitlab.software.geant.org:5050/edugain/eccs:dev
echo "Start docker container creation"
docker compose up -d
ECCS_IP=$(docker inspect eccs | grep "IPAddress" | grep -E -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | tail -n 1)
DOMAIN_NAME="technical.edugain.org technical-test.edugain.org"
modify_hosts_file "remove" "$DOMAIN_NAME"
modify_hosts_file "add" "$DOMAIN_NAME" "$ECCS_IP"
echo ""
echo "Per accedere al container 'eccs' usare:"
echo ""
echo "docker exec -it -u root eccs bash"
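Review bot: `ECCS_IP` is written to `/etc/hosts` through sudo without a check that it is non-empty; if the container failed to start, the `grep` pipeline yields nothing and a line with no address is appended. A guard such as `[ -n "$ECCS_IP" ] || { echo "eccs has no IP address" >&2; exit 1; }` before the two `modify_hosts_file` calls would stop that, and `docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' eccs` is more robust than scraping the JSON output. In the remove branch `$domain_name` is interpolated into a sed pattern, so its dots match any character; that is harmless for the fixed value used here but deserves a comment in `modify_hosts_file`.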
#!/bin/bash
# ...other things...
# Last command
exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
[supervisord]
nodaemon=true
[program:cron]
command=cron -f
autostart=true
autorestart=true
#[program:uwsgi]
#command=uwsgi --ini /path/to/uwsgi_config.ini
#autostart=true
#autorestart=true
#[program:apache2]
#command=apache2ctl -DFOREGROUND
#autostart=true
#autorestart=true