|
| 1 | +FROM hub.opensciencegrid.org/opensciencegrid/software-base:3.6-el8-release |
| 2 | + |
| 3 | +RUN yum install -y curl java-11-openjdk java-11-openjdk-devel |
| 4 | + |
| 5 | +# Download and install tomcat |
| 6 | +RUN useradd -r -s /sbin/nologin tomcat ;\ |
| 7 | +mkdir -p /opt/tomcat ;\ |
| 8 | +curl -s -L https://archive.apache.org/dist/tomcat/tomcat-9/v9.0.69/bin/apache-tomcat-9.0.69.tar.gz | tar -zxf - -C /opt/tomcat --strip-components=1 ;\ |
| 9 | +chgrp -R tomcat /opt/tomcat/conf ;\ |
| 10 | +chmod g+rwx /opt/tomcat/conf ;\ |
| 11 | +chmod g+r /opt/tomcat/conf/* ;\ |
| 12 | +chown -R tomcat /opt/tomcat/logs/ /opt/tomcat/temp/ /opt/tomcat/webapps/ /opt/tomcat/work/ ;\ |
| 13 | +chgrp -R tomcat /opt/tomcat/bin /opt/tomcat/lib ;\ |
| 14 | +chmod g+rwx /opt/tomcat/bin ;\ |
| 15 | +chmod g+r /opt/tomcat/bin/* |
| 16 | + |
| 17 | +ADD server.xml /opt/tomcat/conf/server.xml |
| 18 | +RUN chgrp -R tomcat /opt/tomcat/conf/server.xml ;\ |
| 19 | +chmod go+r /opt/tomcat/conf/server.xml |
| 20 | + |
| 21 | +ARG TOMCAT_ADMIN_USERNAME=admin |
| 22 | +ARG TOMCAT_ADMIN_PASSWORD=password |
| 23 | +ADD tomcat-users.xml.tmpl /opt/tomcat/conf/tomcat-users.xml.tmpl |
| 24 | +RUN sed s+TOMCAT_ADMIN_USERNAME+${TOMCAT_ADMIN_USERNAME}+g /opt/tomcat/conf/tomcat-users.xml.tmpl | sed s+TOMCAT_ADMIN_PASSWORD+${TOMCAT_ADMIN_PASSWORD}+g > /opt/tomcat/conf/tomcat-users.xml ;\ |
| 25 | +chgrp tomcat /opt/tomcat/conf/tomcat-users.xml |
| 26 | + |
| 27 | +ARG TOMCAT_ADMIN_IP=127.0.0.1 |
| 28 | +ADD manager.xml.tmpl /opt/tomcat/conf/Catalina/localhost/manager.xml.tmpl |
| 29 | +RUN sed s+TOMCAT_ADMIN_IP+${TOMCAT_ADMIN_IP}+g /opt/tomcat/conf/Catalina/localhost/manager.xml.tmpl > /opt/tomcat/conf/Catalina/localhost/manager.xml ;\ |
| 30 | +chgrp -R tomcat /opt/tomcat/conf/Catalina |
| 31 | + |
| 32 | +COPY --chown=tomcat:tomcat scitokens-server /opt |
| 33 | +#COPY target/oauth2.war /opt/tomcat/webapps/scitokens-server.war |
| 34 | +RUN \ |
| 35 | +curl -s -L https://github.com/ncsa/OA4MP/releases/download/v5.2.9.0/oauth2.war > /opt/tomcat/webapps/scitokens-server.war ;\ |
| 36 | +mkdir -p /opt/tomcat/webapps/scitokens-server ;\ |
| 37 | +cd /opt/tomcat/webapps/scitokens-server ;\ |
| 38 | +jar -xf ../scitokens-server.war ;\ |
| 39 | +chgrp -R tomcat /opt/tomcat/webapps/scitokens-server ;\ |
| 40 | +mkdir -p /opt/tomcat/var/storage/scitokens-server ;\ |
| 41 | +chown -R tomcat:tomcat /opt/tomcat/var/storage/scitokens-server ;\ |
| 42 | +rm -rf /opt/tomcat/webapps/ROOT /opt/tomcat/webapps/docs /opt/tomcat/webapps/examples /opt/tomcat/webapps/host-manager /opt/tomcat/webapps/manager |
| 43 | +COPY --chown=tomcat:tomcat scitokens-server/web.xml /opt/tomcat/webapps/scitokens-server/WEB-INF/web.xml |
| 44 | +RUN chmod 644 /opt/tomcat/webapps/scitokens-server/WEB-INF/web.xml |
| 45 | + |
| 46 | +# need to put the java mail jar into the tomcat lib directory |
| 47 | +RUN curl -s -L https://github.com/javaee/javamail/releases/download/JAVAMAIL-1_6_2/javax.mail.jar > /opt/tomcat/lib/javax.mail.jar |
| 48 | + |
| 49 | +# Make JWK a volume mount |
| 50 | +RUN mkdir -p /opt/scitokens-server/bin && mkdir -p /opt/scitokens-server/etc && mkdir -p /opt/scitokens-server/etc/templates && mkdir -p /opt/scitokens-server/lib && mkdir -p /opt/scitokens-server/log && mkdir -p /opt/scitokens-server/var/qdl/scitokens && mkdir -p /opt/scitokens-server/var/storage/file_store |
| 51 | + |
| 52 | +# Make server configuration a volume mount |
| 53 | +ADD scitokens-server/etc/server-config.xml /opt/scitokens-server/etc/server-config.xml.tmpl |
| 54 | +ADD scitokens-server/etc/proxy-config.xml /opt/scitokens-server/etc/proxy-config.xml.tmpl |
| 55 | + |
| 56 | +ADD scitokens-server/bin/scitokens-cli /opt/scitokens-server/bin/scitokens-cli |
| 57 | +#COPY target/oa2-cli.jar /opt/scitokens-server/lib/scitokens-cli.jar |
| 58 | +RUN \ |
| 59 | +curl -L -s https://github.com/ncsa/OA4MP/releases/download/v5.2.9.0/oa2-cli.jar >/opt/scitokens-server/lib/scitokens-cli.jar ;\ |
| 60 | +chmod +x /opt/scitokens-server/bin/scitokens-cli |
| 61 | + |
| 62 | +ADD scitokens-server/etc/templates/client-template.xml /opt/scitokens-server/etc/templates/client-template.xml |
| 63 | +ADD scitokens-server/var/qdl/scitokens/ospool.qdl /opt/scitokens-server/var/qdl/scitokens/ospool.qdl |
| 64 | +ADD scitokens-server/var/qdl/scitokens/comanage.qdl.tmpl /opt/scitokens-server/var/qdl/scitokens/comanage.qdl.tmpl |
| 65 | +RUN chgrp tomcat /opt/scitokens-server/var/qdl/scitokens/ospool.qdl /opt/scitokens-server/var/qdl/scitokens/comanage.qdl.tmpl |
| 66 | +RUN ln -s /usr/lib64/libapr-1.so.0 /opt/tomcat/lib/libapr-1.so.0 |
| 67 | + |
| 68 | +# QDL support 21-01-2021 |
| 69 | +RUN curl -L -s https://github.com/ncsa/OA4MP/releases/download/v5.2.9.0/oa2-qdl-installer.jar >/tmp/oa2-qdl-installer.jar ;\ |
| 70 | +java -jar /tmp/oa2-qdl-installer.jar -dir /opt/qdl |
| 71 | + |
| 72 | +RUN mkdir -p /opt/qdl/var/scripts |
| 73 | + |
| 74 | +ADD qdl/etc/qdl.properties /opt/qdl/etc/qdl.properties |
| 75 | +ADD qdl/etc/qdl-cfg.xml /opt/qdl/etc/qdl-cfg.xml |
| 76 | + |
| 77 | +ADD qdl/var/scripts/boot.qdl /opt/qdl/var/scripts/boot.qdl |
| 78 | +RUN chmod +x /opt/qdl/var/scripts/boot.qdl |
| 79 | + |
| 80 | +ADD qdl/bin/qdl /opt/qdl/bin/qdl |
| 81 | +RUN chmod +x /opt/qdl/bin/qdl |
| 82 | + |
| 83 | +ADD qdl/bin/qdl-run /opt/qdl/bin/qdl-run |
| 84 | +RUN chmod +x /opt/qdl/bin/qdl-run |
| 85 | +# END QDL support |
| 86 | + |
| 87 | +# Add CHTC custom CA to trust store |
| 88 | +COPY tiger-ca.pem /opt/scitokens-server/tiger-ca.pem |
| 89 | +RUN keytool -import -alias tigerca -file /opt/scitokens-server/tiger-ca.pem -cacerts -trustcacerts -noprompt -storepass changeit;\ |
| 90 | +rm /opt/scitokens-server/tiger-ca.pem |
| 91 | + |
| 92 | +ENV JAVA_HOME=/usr/lib/jvm/jre |
| 93 | +ENV CATALINA_PID=/opt/tomcat/temp/tomcat.pid |
| 94 | +ENV CATALINA_HOME=/opt/tomcat |
| 95 | +ENV CATALINA_BASE=/opt/tomcat |
| 96 | +ENV CATALINA_OPTS="-Xms512M -Xmx1024M -server -XX:+UseParallelGC" |
| 97 | +ENV JAVA_OPTS="-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom -Djava.library.path=/opt/tomcat/lib" |
| 98 | +ENV ST_HOME="/opt/scitokens-server" |
| 99 | +ENV QDL_HOME="/opt/qdl" |
| 100 | +ENV PATH="${ST_HOME}/bin:${QDL_HOME}/bin:${PATH}" |
| 101 | + |
| 102 | +#RUN "${QDL_HOME}/var/scripts/boot.qdl" |
| 103 | +ADD start.sh /start.sh |
| 104 | +CMD ["/start.sh"] |
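Review bot: Every artifact fetched with curl in this file (the Tomcat tarball, `oauth2.war`, `javax.mail.jar`, `oa2-cli.jar`, and `oa2-qdl-installer.jar`, which is then run with `java -jar` during the build) is installed without a checksum or signature check, and because the commands are joined with `;` and curl runs without `-f`, an HTTP error page or truncated download does not fail the build. Fetch each file to a temporary path with `curl -fsSL -o`, verify it against a pinned digest, and chain with `&&` so a mismatch stops the build; the Tomcat step is sketched below and the other four downloads would follow the same pattern. Separately, `ARG TOMCAT_ADMIN_PASSWORD=password` is rendered into `tomcat-users.xml` at build time, so the credential ends up in the image layers and build history. Consider dropping the default and generating that file at container start from a runtime secret; whether `start.sh` can do this is not visible here.

```dockerfile
# Placeholder digest: replace with the value from the release's published .sha512 file
ARG TOMCAT_SHA512=<sha512-of-apache-tomcat-9.0.69.tar.gz>
RUN useradd -r -s /sbin/nologin tomcat && \
    mkdir -p /opt/tomcat && \
    curl -fsSL -o /tmp/tomcat.tar.gz https://archive.apache.org/dist/tomcat/tomcat-9/v9.0.69/bin/apache-tomcat-9.0.69.tar.gz && \
    echo "${TOMCAT_SHA512}  /tmp/tomcat.tar.gz" | sha512sum -c - && \
    tar -zxf /tmp/tomcat.tar.gz -C /opt/tomcat --strip-components=1 && \
    rm -f /tmp/tomcat.tar.gz
# … unchanged: chgrp/chmod/chown of /opt/tomcat subdirectories, joined with && instead of ; …
```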