Aligned eduGAIN ECCS UI style on the ECCS docker image

.gitignore

@@ -4,9 +4,3 @@
 eccs.pid
 chromedriver
 python*
-eccs.ini
-eccs.conf
-eccs.service
-eccs_properties.py
-clean7daysOldFiles.sh
-cleanAndRunEccs.sh

Dockerfile

 FROM debian:12
 LABEL Authors="Marco Malavolti <marco.malavolti@garr.it>"
 
-USER root
+ENV CHROME_VERSION="115.0.5790.170-1"
+ENV CHROMEDRIVER_VERSION="115.0.5790.110"
+ENV PYFF_VERSION="2.0.0"
 
-ENV XMLSECTOOL_VERSION=3.0.0
-ENV AMAZON_JDK_KEY=https://corretto.aws/downloads/resources/11.0.6.10.1/B04F24E3.pub
+#COPY --from=hairyhenderson/gomplate:v3.11.5 /gomplate /bin/gomplate
 
-COPY --from=hairyhenderson/gomplate:v3.11.5 /gomplate /bin/gomplate
+USER root
+RUN useradd -rms /bin/bash eccs
 
 RUN apt-get update \
-    && apt-get install -y apt-utils net-tools vim bash-completion \
-    ca-certificates curl unzip uwsgi uwsgi-plugin-python3 cron gpg gpg-agent libxml2-utils \
+    && apt-get install -y apt-utils net-tools vim cron wget gpg gpg-agent unzip ca-certificates \
+    build-essential python3-dev libxml2-dev libxml2-dev libxslt1-dev \
+    apache2 php supervisor uwsgi uwsgi-plugin-python3 libapache2-mod-proxy-uwsgi libxml2-utils \
     python3 python3-pip python3-click python3-flask python3-flask-restful \
-    python3-requests python3-selenium python3-urllib3 apache2 supervisor php \
-    libpcre3 libapache2-mod-proxy-uwsgi build-essential \
-    && sed -i -e 's/"syntax on/syntax on/g' /etc/vim/vimrc \
-    && printf "\nif [ -f /etc/bash_completion ]; then\n . /etc/bash_completion\nfi" >> /etc/profile
+    python3-requests python3-selenium python3-urllib3 --no-install-recommends \
+    && sed -i -e 's/"syntax on/syntax on/g' /etc/vim/vimrc
 
-# Get ECCS
-WORKDIR /root
-
-RUN mkdir eccs
-WORKDIR eccs
-COPY api.py clean7daysOldFiles.sh cleanAndRunEccs.sh eccs.ini eccs.py eccs_properties.py eccs-wsgi.py get-sps-metadata.sh retryFailedChecks.py runEccs.py utils.py .
-COPY html/ html/
-COPY input/ input/
-COPY logs/ logs/
-COPY output/ output/
-COPY selenium-logs/ selenium-logs/
-COPY web/ web/
+# Install PyFF
+RUN python3 -m pip install pyff==$PYFF_VERSION --break-system-packages \
+    && sed 's/random.seed(self)/random.seed(id(self))/' -i $(find /usr -name repo.py) # Until the commit https://github.com/IdentityPython/pyFF/commit/601f796776a1948bf09278e6f7ad4c1266904992 will not be implemented into a new PyFF release
 
 # Get Google Chrome & Google Chrome Driver
-RUN curl "https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb" --output google-chrome-stable_current_amd64.deb \
+# Check available versions here: https://www.ubuntuupdates.org/package/google_chrome/stable/main/base/google-chrome-stable
+RUN wget "https://dl.google.com/linux/chrome/deb/pool/main/g/google-chrome-stable/google-chrome-stable_${CHROME_VERSION}_amd64.deb" -O google-chrome-stable_current_amd64.deb \
     && apt install -y ./google-chrome-stable_current_amd64.deb --no-install-recommends \
-    && curl "https://edgedl.me.gvt1.com/edgedl/chrome/chrome-for-testing/115.0.5790.110/linux64/chromedriver-linux64.zip" --output chromedriver_linux64.zip \
+    && rm google-chrome-stable_current_amd64.deb
+
+USER eccs
+
+# Get ECCS
+WORKDIR /home/eccs
+
+# Google Chrome Driver
+RUN wget "https://edgedl.me.gvt1.com/edgedl/chrome/chrome-for-testing/${CHROMEDRIVER_VERSION}/linux64/chromedriver-linux64.zip" -O chromedriver_linux64.zip \
     && unzip chromedriver_linux64.zip \
-    && rm chromedriver_linux64.zip google-chrome-stable_current_amd64.deb \
+    && rm chromedriver_linux64.zip \
     && mv chromedriver-linux64/chromedriver . \
     && rm -rf chromedriver-linux64
 
-# Get XMLSecTool & Amazon Corretto 11 JDK
-RUN wget $AMAZON_JDK_KEY -O /tmp/amazon-corretto.pub \
- && gpg --no-default-keyring --keyring /tmp/temp-keyring.gpg --import /tmp/amazon-corretto.pub \
- && gpg --no-default-keyring --keyring /tmp/temp-keyring.gpg --export --output /etc/apt/keyrings/amazon-corretto.gpg \
- && rm /tmp/temp-keyring.gpg
-COPY amazon-corretto.list /etc/apt/sources.list.d/amazon-corretto.list
+COPY --chown=eccs:eccs pyff-config/ pyff-config/
+
+COPY --chown=eccs:eccs api.py clean7daysOldFiles.sh cleanAndRunEccs.sh eccs.ini eccs.py eccs_properties.py eccs-wsgi.py get-sps-metadata.sh retryFailedChecks.py runEccs.py utils.py .
+COPY --chown=eccs:eccs  html/ html/
+COPY --chown=eccs:eccs  input/ input/
+COPY --chown=eccs:eccs  logs/ logs/
+COPY --chown=eccs:eccs  output/ output/
+COPY --chown=eccs:eccs  selenium-logs/ selenium-logs/
+COPY --chown=eccs:eccs  web/ web/
+
+USER root
+
 COPY eccs_cron /etc/cron.d/eccs_cron
-RUN apt-get update && apt-get install -y java-11-amazon-corretto-jdk \
-    && curl "https://shibboleth.net/downloads/tools/xmlsectool/$XMLSECTOOL_VERSION/xmlsectool-$XMLSECTOOL_VERSION-bin.zip" --output xmlsectool-$XMLSECTOOL_VERSION-bin.zip \
-    && unzip xmlsectool-$XMLSECTOOL_VERSION-bin.zip \
-    && mv xmlsectool-$XMLSECTOOL_VERSION xmlsectool \
-    && echo "$XMLSECTOOL_VERSION" > xmlsectool/version.txt \
-    && rm xmlsectool-$XMLSECTOOL_VERSION-bin.zip \
-    && curl "https://mdx.idem.garr.it/idem-mdx-service-crt.pem" --output idem-mdx-service-crt.pem
+COPY pyff_cron /etc/cron.d/pyff_cron
 
 # Install ECCS API
-#COPY eccs.service /etc/systemd/system/multi-user.target.wants/eccs.service
 COPY eccs.conf /etc/apache2/conf-available/eccs.conf
 RUN ln -s /etc/apache2/conf-available/eccs.conf /etc/apache2/conf-enabled/eccs.conf \
-    && ln -s /etc/apache2/mods-available/proxy.conf /etc/apache2/mods-enabled/proxy.conf \  
-    && ln -s /etc/apache2/mods-available/proxy.load /etc/apache2/mods-enabled/proxy.load \ 
-    && ln -s /etc/apache2/mods-available/proxy_uwsgi.load /etc/apache2/mods-enabled/proxy_uwsgi.load \ 
-    && chmod 755 /root
+    && ln -s /etc/apache2/mods-available/proxy.conf /etc/apache2/mods-enabled/proxy.conf \
+    && ln -s /etc/apache2/mods-available/proxy.load /etc/apache2/mods-enabled/proxy.load \
+    && ln -s /etc/apache2/mods-available/proxy_uwsgi.load /etc/apache2/mods-enabled/proxy_uwsgi.load
 
 EXPOSE 80
 EXPOSE 443

README-Docker.rst

@@ -2,18 +2,25 @@
 eduGAIN Connectivity Check Service
 ==================================
 
-Indice
-------
+Index
+-----
 
 #. `Base`_
 #. `Setup dev environment`_
+#. `Start dev environment`_
+#. `Open a terminal on the container docker`_
+#. `Container Registry Authentication`_
+#. `Build a new docker container image`_
+#. `Load a container image to the Container Registry`_
+#. `Use the ECCS Docker container`_
 #. `Authors`_
 
 Base
 ----
 
 #. Install `Docker`_
-#. Follow Linux `post-installation`_ steps for Docker Engine.
+#. Follow Linux `post-installation`_ steps for Docker Engine
+#. Install `Docker Compose Plugin`_
 
 Setup dev environment
 ---------------------
@@ -26,32 +33,29 @@ Setup dev environment
 
    * ``git clone git@gitlab.software.geant.org:edugain/eccs.git $HOME/eccs``
 
-#. Create the `.env` file:
-
-   * ``cd $HOME/eccs``
-
-   * ``cp dot-env-template .env``
-
 Start dev environment
 ---------------------
 
 * ``cd $HOME/eccs``
 
 * ``bash setup-eccs-dev.sh``
-  
+ 
+[`Index`_]
 
 Open a terminal on the container docker
 ---------------------------------------
 
 ``docker exec -it -u root eccs bash``
 
-[`Indice`_]
+[`Index`_]
 
 Container Registry Authentication
 ---------------------------------
 
 ``docker login gitlab.software.geant.org:5050``
 
+[`Index`_]
+
 You need to create a Token if Federated access is used.
 
 Build a new docker container image
@@ -66,14 +70,25 @@ Load a container image to the Container Registry
 
 We'll respect `Semantic Versioning`_.
 
+Use the ECCS Docker container
+-----------------------------
+
+``docker compose -f docker-compose-<ECCS_VERSION>.yml``
+
+The ``ECCS_VERSION`` avaliable are:
+
+   * ``2.1.0``
+
+
 Authors
 -------
 
 * `Marco Malavolti`_
 * `Valentin Pocotilenco`_
 
-.. _post-installation: https://docs.docker.com/engine/install/linux-postinstall/
 .. _Docker: https://docs.docker.com/engine/install/ 
+.. _post-installation: https://docs.docker.com/engine/install/linux-postinstall/
+.. _Docker Compose Plugin: https://docs.docker.com/compose/install/linux/
 .. _Semantic Versioning: https://semver.org
 .. _Marco Malavolti: mailto:marco.malavolti@garr.it
 .. _Valentin Pocotilenco: mailto:valentin.pocotilenco@renam.md

README-SPS-METADATA-Docker.md

-# HOWTO Automating ECCS SPs Metadata download with XMLSecTool and Cron
-
-1. [Introduction](#introduction)
-3. [Configure](#configure)
-5. [Authors](#authors)
-
-## Introduction
-
-The eduGAIN Connectivity Check Service (ECCS), uses two Service Provider belonging to different NREN that are members of eduGAIN interfederation.
-The ECCS Python script gets the SPs' HTTP-Post AssertionConsumerService URL from the "sps-metadata.xml" file placed into "input" directory.
-The mechanism chosen to update regularly the "sps-metadata.xml" file involves the XMLSecTool & Cron that allow to validate the NREN SPs metadata downloaded the metadata certificate provided and create the "sps-metadata.xml" file as output.
-
-## Configure
-
-Customize the script `get-sps-metadata.sh` to provide your SPs. 
-
-## Authors
-
-### Original Author
-
-   * Marco Malavolti (marco.malavolti@garr.it)

amazon-corretto.list

-deb [signed-by=/etc/apt/keyrings/amazon-corretto.gpg] https://apt.corretto.aws stable main
-# deb-src [signed-by=/etc/apt/keyrings/amazon-corretto.gpg] https://apt.corretto.aws stable main

clean7daysOldFiles.sh

 #!/bin/bash
 
-BASEDIR=$HOME/eccs
+BASEDIR=/home/eccs
 
 # Remove ECCS2 result older than 7 days
 find $BASEDIR/output/* -mtime +6 -type f -delete

cleanAndRunEccs.sh

@@ -2,16 +2,16 @@
 
 # logs/stderr_$date.log is kept to see which IdP had been errors
 
-BASEDIR=$HOME
+BASEDIR=/home/eccs
 
 # Remove old IdP and Fed List
-rm -f $BASEDIR/eccs/input/*.json
+rm -f $BASEDIR/input/*.json
 
 # Run ECCS2
-$BASEDIR/eccs/runEccs.py
+$BASEDIR/runEccs.py
 
 # Run again ECCS2 for those IdPs who failed check
-$BASEDIR/eccs/retryFailedChecks.py
+$BASEDIR/retryFailedChecks.py
 
 # Remove useless files
 rm -rf /tmp/.com.google.Chrome* /tmp/chromium-*

docker-compose-2.1.0.yml

+version: '3.9'
+services:
+  eccs:
+    image: gitlab.software.geant.org:5050/edugain/eccs:2.1.0
+    container_name: eccs
+    hostname: eccs
+    ports:
+      - 80:80
+      - 443:443

docker-compose.yml

@@ -7,8 +7,8 @@ services:
       dockerfile: Dockerfile
     container_name: eccs
     hostname: eccs
-    env_file:
-      - .env
+      #env_file:
+      #  - .env
     ports:
       - 80:80
       - 443:443

dot-env-template

-DEBIAN_FRONTEND=noninteractive
-ECCS_VERSION=2.1.0
-XMLSECTOOL_VERSION=3.0.0
-JAVA_HOME=/usr/lib/jvm/java-11-amazon-corretto

eccs.conf

+<IfModule mod_alias.c>
+    Alias /eccs/html /home/eccs/html
+    Alias /eccs /home/eccs/web
+
+    <Directory /home/eccs/web>
+       DirectoryIndex index.php
+       Require all granted
+    </Directory>
+
+    <Directory /home/eccs/html>
+       Require all granted
+    </Directory>
+</IfModule>
+
+<IfModule mod_proxy_uwsgi.c>
+    ProxyPass /eccs/api uwsgi://127.0.0.1:8000/
+</IfModule>

eccs.ini

+[uwsgi]
+project        = eccs
+base           = /home
+
+chdir          = %(base)/%(project)
+
+master         = true
+processes      = 2
+
+uid            = eccs
+gid            = eccs
+
+socket         = 127.0.0.1:8000
+chmod-socket   = 660
+vacuum         = true
+
+die-on-term    = true
+
+# set max connections to 128 in uWSGI
+listen         = 128
+
+wsgi-file      = eccs-wsgi.py
+plugins        = python3
+enable-threads = true
+
+#logto          = logs/%(project)-uwsgi.log
+#logto          = /dev/stdout
+#log-maxsize    = 100000000
+#log-backupname = logs/%(project)-uwsgi.old.log
+log-format     = %(addr)|[%(ctime)]|%(method)|%(uri)
+
+# Each 1000 request restart workers
+max-requests   = 1000
+
+# respawn processes taking more than takes more then ... seconds
+harakiri       = 20
+
+pidfile        = %(project).pid
+touch-reload   = %(project).ini
+#stats         = 127.0.0.1:9193
+#stats-http    = True

eccs.service.template

-[Install]
-WantedBy=multi-user.target
-
-[Unit]
-Description=uWSGI server for ECCS
-After=network.target
-
-[Service]
-User=<USER>
-Group=<USER>
-WorkingDirectory=/home/<USER>/eccs
-RuntimeDirectory=/home/<USER>/eccs
-Restart=always
-KillSignal=SIGQUIT
-Type=notify
-StandardError=inherit
-NotifyAccess=all
-ExecStart=/home/<USER>/eccs/eccs-venv/bin/uwsgi --ini /home/<USER>/eccs/eccs.ini

eccs_cron

-0 3 * * * /usr/bin/touch $HOME/eccs/eccs.ini
-0 3 * * * /bin/bash $HOME/eccs/get-sps-metadata.sh
-0 4 * * * /bin/bash $HOME/eccs/cleanAndRunEccs.sh > /dev/stdout
-0 10 * * * /bin/bash $HOME/eccs/clean7daysOldFiles.sh > /dev/stdout
+0 3 * * * /usr/bin/touch /home/eccs/eccs.ini
+0 4 * * * /bin/bash /home/eccs/cleanAndRunEccs.sh > /dev/stdout
+0 10 * * * /bin/bash /home/eccs/clean7daysOldFiles.sh > /dev/stdout

eccs_properties.py

@@ -44,9 +44,9 @@ def get_fake_sp_name():
 # Miscellaneous
 DAY = date.today().isoformat()
 CA_BUNDLE_PATH = "/etc/ssl/certs/ca-certificates.crt"
-ECCS_DIR = f"{os.environ['HOME']}/eccs"
+ECCS_DIR = f"/home/eccs"
 PATHCHROMEDRIVER = f"{ECCS_DIR}/chromedriver"
-ECCS_PYTHON = f"{ECCS_DIR}/python/bin/python3"
+ECCS_PYTHON = f"python3"
 
 # Input
 ECCS_INPUTDIR = f"{ECCS_DIR}/input"

pyff-config/idem-mdx-service-crt.pem

+-----BEGIN CERTIFICATE-----
+MIIEUTCCArmgAwIBAgIUXzl4U3k41WwjRPk/wVrxklYuLZwwDQYJKoZIhvcNAQEL
+BQAwNzEZMBcGA1UEAwwQbWR4LmlkZW0uZ2Fyci5pdDENMAsGA1UECgwER0FSUjEL
+MAkGA1UECgwCSVQwIBcNMjExMTA1MTUxMjAzWhgPMjEyMTEwMTIxNTEyMDNaMDcx
+GTAXBgNVBAMMEG1keC5pZGVtLmdhcnIuaXQxDTALBgNVBAoMBEdBUlIxCzAJBgNV
+BAoMAklUMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA32nIKnrjRK7I
+b+bpKKftiEw7/wte3bVAoYfEg6767QnnZrF4yT0VPygAHCRdM0No2zvXtOpH8oKp
+JgwSdpesC2F6EK7MiplSD2Y2LrKhJOeFUvYgKjOb2vsiGRmv5IxHPrrkJOW61pma
+9t8CobBvi2LC3SZRWTA4Vgpzp8GJDk+y2MPJRIOK7EOVeB35czY8aTHVeh195URe
+Nf6cuUKkkJMcJXqQPl00PT8eFiC3R/VJOtgqSuhEPBI00VvOSC7mgRuuzLIrZVPe
+41vtTHj3+z+7DRgOu/3dFB65WS8v/EKWlwWm3vYBim9BdNMOZuKSQB/xN53OHNP2
+ZKcV1M+agu0yULbPRQxURmoDKhE+Tp0WRv9Hy18xymFBoaq5Rt+30cPgn3SPbNek
+guE5K3Am6GX9rw0Q+Wkyks1QRQvpdl7NhEJRInvZe2Xl0LR1Bl6bBmPVx2Qbcu5Z
+uDGYYq3sdhP/0UGOwHUWnIllq7lx5+FdVH6DVdLeFVJh5LCbNO+rAgMBAAGjUzBR
+MB0GA1UdDgQWBBShvCarAhCIYI7ZaXbC/vh9KlFHcDAfBgNVHSMEGDAWgBShvCar
+AhCIYI7ZaXbC/vh9KlFHcDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUA
+A4IBgQDWBzoJlQ5W0zEp/hgVtLBwRDTwmmkAwBwsTbztZ+ecULGY+Kbg07L5XgD7
+WTzrTMRrXFeq4GbMrXZKe5SDHwDIeyMVERHwDXuUAoMPANL5Rtgyqzr4YHVNAAFo
+WsJ9rtfKUiWidbLLpTFclOiE2HscBYORp2njxvai4picOyvrvFA+iyIpVvhc/YYq
+fb+5KIsCfIaJmZaL9lhjgMtCoTK3G3gDRihBFNTGIKJ9IhTnBdJ0HJIxNoiAo31A
+Y5/yGrBAX0qNG+/rNaoU6YDK/sgshPk45zYpuQZlE8MlRP16nySKbC1CmoX+PqBl
+yf7FRj8uINJOoEIsqsDH1EBCaGo6gtY+3h2y+P6YAk/qM61Bw4qWPiX69DlDbFHf
+QUxVq7Di72M/b6ruiZp7OioRAxdgkY+HypN9FLPjBg+59hrkVrnAuTlyF2QYUnm6
+E+FD3RNV/jjzesINP8r8eepteZkvwU/kdnS15tGwVJ3NQFOodtJJuwGo4s1GSFA0
++jt93xQ=
+-----END CERTIFICATE-----

pyff-config/sps-metadata.xml

+- load:
+   - https://mdx.idem.garr.it/edugain/entities/https:%2F%2Fattribute-viewer.aai.switch.ch%2Finterfederation-test%2Fshibboleth /home/eccs/pyff-config/idem-mdx-service-crt.pem
+   - https://mdx.idem.garr.it/edugain/entities/https:%2F%2Fsp-demo.idem.garr.it%2Fshibboleth /home/eccs/pyff-config/idem-mdx-service-crt.pem
+- select:
+- publish: "/home/eccs/input/sps-metadata.xml"

pyff_cron

+0 3 * * * pyff --logfile=/dev/stdout --loglevel=DEBUG /home/eccs/pyff-config/sps-metadata.xml

start.sh

 #!/bin/bash
 
-bash /root/eccs/get-sps-metadata.sh
+pyff /home/eccs/pyff-config/sps-metadata.xml
 
-touch /root/eccs/eccs.ini
+touch /home/eccs/eccs.ini
 
 # Last command
 exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf

supervisord.conf

@@ -28,7 +28,7 @@ autorestart=true
 
 [program:uwsgi]
 #command=uwsgi --ini /root/eccs/eccs.ini --die-on-term
-command=uwsgi --ini /root/eccs/eccs.ini --die-on-term
+command=uwsgi --ini /home/eccs/eccs.ini
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr