Loading data-node/globus/certificate-filedeleted 100644 → 0 +0 −87 Original line number Diff line number Diff line -----BEGIN CERTIFICATE----- MIIFADCCAuigAwIBAgICAoIwDQYJKoZIhvcNAQELBQAwRjENMAsGA1UECgwERVNH RjERMA8GA1UECwwIRVNHRi5PUkcxIjAgBgNVBAMMGWVzZ2Ytbm9kZS5qcGwubmFz YS5nb3YtQ0EwHhcNMTcwMjA4MTAzNzA4WhcNMTcwMjEwMTA0MjA4WjBlMQ0wCwYD VQQKEwRFU0dGMREwDwYDVQQLEwhFU0dGLk9SRzFBMD8GA1UEAxM4aHR0cHM6Ly9l c2dmLW5vZGUuanBsLm5hc2EuZ292L2VzZ2YtaWRwL29wZW5pZC9yb290QWRtaW4w ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbFYysdInKz3eOWwOE5lxw okjuCiXwcH58+n+CJJ7YDlTKN6oAwuEkgPTNHan3Hp41UvJDZuIS81e/np7jpyBl qH3V+uFsB+vUIH6A+rEZjGSlJB4lvfq8pHz8avm/O79dWa29iLBHRFcgf9tk2htR DapF8+Fx4VhS+R//gIg3vhC/KomgRbfo59i8pUSRNFJipvE9bs1XWad0/qP3rCe4 eZKC/B2ZCm4EDNwT6lCtXrxIUzMQofNDOmZVya6pJYxaBTNhL2bp+D/JsdRAbBRl Cg0Az9TitNbHKCV3NbZWOW1B0PwoPOEpPMA7qTnTpuNa51k5fZad2KnrcZIBmeDr AgMBAAGjgdgwgdUwgdIGCSoDBAQDAgEHCASBxAyBwWVzZy52by5ncm91cC5yb2xl cz1ncm91cF9OQVNBIE9CU19yb2xlX3VzZXI7Z3JvdXBfTkFTQSBPQlNfcm9sZV9z dXBlcjtncm91cF9OQVNBIE9CU19yb2xlX3B1Ymxpc2hlcjtncm91cF93aGVlbF9y b2xlX3N1cGVyOmVzZy52by5vcGVuaWQ9aHR0cHM6Ly9lc2dmLW5vZGUuanBsLm5h c2EuZ292L2VzZ2YtaWRwL29wZW5pZC9yb290QWRtaW4wDQYJKoZIhvcNAQELBQAD ggIBALVCmXyhWjreCVrPBnixdsEpEgb7wuBcjtSQZTymMLesiZBUDBYySyuNPQMe tRKehLgPLK3r9lJ6eh4arrBypLNQ5dhnGqPujBFaV19VLnTFrAY2hSWWSracLAWG bakX569zKD8caIh0fBrsZf43ICcUHs8hWnQi/xcZv2Uz5L6DWDnAYI1mkBEfY6pd v/0CxWknoAUbJ1Q2rWQ0uFiB+BI8G7TToVDU9tMfaNEorrj+ircgbFMP5+7/R1yA Tb5GpxG8qVCS+pvR+zL/KligPFLtNiINa4zvzS9397BEDnnHmJrBly0KjeaaLgqW dVsQhau5/yUDT5n/vn0jKual17AlSmX6HY4QXh+/hFIjOXlHGgdUXGEkxSgEO/Zc WNvVFO4K5m9f7O2rRh4MIh+fY6JcKCyHNkCEBC0zmIpC5jaM0N0bujV1aHQB2ubV lhGzWaUfDFhBph26UrFma/oh9Gok5fouiGc+M7c4y3A8ObBZaFO4RUnjkBJN0d2V tVQjhmiPWTWERmUA6XxApIWaKoWfH6VvdL+Zl2r9xDSHZPK2zpxUmm3jPR4j/43k DG8GAh65Gean6hUVrbHLWlZ7z9HDToWdlQoOFkbusXbqQnDEhFGM9ZGLgkUPCNKc mPTcNB6Y84fzGKcuxOg7DQGAykutq0bZpGPQxy0SREwRteea -----END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEA2xWMrHSJys93jlsDhOZccKJI7gol8HB+fPp/giSe2A5Uyjeq AMLhJID0zR2p9x6eNVLyQ2biEvNXv56e46cgZah91frhbAfr1CB+gPqxGYxkpSQe Jb36vKR8/Gr5vzu/XVmtvYiwR0RXIH/bZNobUQ2qRfPhceFYUvkf/4CIN74QvyqJ oEW36OfYvKVEkTRSYqbxPW7NV1mndP6j96wnuHmSgvwdmQpuBAzcE+pQrV68SFMz EKHzQzpmVcmuqSWMWgUzYS9m6fg/ybHUQGwUZQoNAM/U4rTWxygldzW2VjltQdD8 KDzhKTzAO6k506bjWudZOX2Wndip63GSAZng6wIDAQABAoIBAQCOeK4ZvFObY13R YpigRZpZ2P9qZYkUmmN3bQOco6n0wSUcuCRDCHiXX5FTDnZocS3baYyIjpB4WG14 /HNBgn7L/U2P6O3Nbj1LnrIFuIGRJr6QsjM0wh4brTBmij7NwNIKp/YXapuQTP4H 8X3AUSIwjJ1tjlLO1we0NbQ8WN68uBW7DgBakwtLcZG5YLzv3gmyflKto6Xcbu35 XjP1lprpTZSP48r0rlgLYfXEDh2p9fNWZ70tAmW9P7oZ7eDciUDmJkO++R6//lj+ TDuFQPLQdC3hxSjyRKLgFA6Zk9DOqxOdgtIgJ1AbRhUVleOoPbvxdXgkBicAPfX8 ShOIxuwpAoGBAP11ha3UlxsjNFRIk/2P93wN3XZGNZL1YJyoMI0LCoxsTsm2dSRY EJ/p++6P7fAvLcFMWdl5gsyIDZZYApjwH2nGGTfs4BINmHDlKw8sufn4bzPIDPYU l1KGzQd15AglKNbscU2/1WhDgdOR6AO+hp7equOUqhStUJ07ytPHnEVPAoGBAN1H zrqZXhNAb+q3y9+6UpQAfR2xmQnAe9FeOffVuWuUrVvrIRnLmlYJCwc/i80EBe2z iFqvX5Mkc61y5ACeYi3l5oE3YnbrD2DesUxmMfAIT5UZlIMiWAoEPDPdov85rFDF slX3Fb/YWiLdGCB81F2ZI1Lo+4rKhW3kJ9chmDulAoGAfTkiCacd3NeA1B9jloQZ dt32y6eWcnvu9pcWHakV1hjwuDIAICuuUwOsZ8oOeXsltPm+7nZdTCXv6Jak+eCw 9HZeIUZT0jeLWEOxCXdEjx7R+hhdZvr3ZFubUpNJTUjmq4D33bzod/HaY6gTpD3u jvFeJsBdY4fZa0WOSSG2sHsCgYBJ8LOwgI0B69c53D6gvLbZQ6yLHowfyRTWqiC+ osj5nM2s2E3QO8uPkigAPQiu8fg1LHeUreNG3LhWrfxoBISUB61VYjdhuzwBR4iB Gej35x8ImGqawwAeILopLpdHp3Lf7p+fwBehal78JVrpiCzCNeiqzLU49GFPjhyN 82jWDQKBgB57nBAKoBlonnQQOgKI62T4WQo5L5IdgdFnsI9Ev1FlexCTjA9e5j+e +gZHX3xgzi+KvXEuV6hcePLLpnuRce3DX4ypILyDp68mhJUR+yXJzIy000QFPZNQ uGltFF+ViWo0wmDzg50yDgR+jLBJP00JT/MPdBjG1WVsHQVXVmFy -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIFXjCCA0agAwIBAgIBbjANBgkqhkiG9w0BAQsFADBYMQ0wCwYDVQQKDARFU0dG MREwDwYDVQQLDAhFU0dGLk9SRzEcMBoGA1UECwwTc2ltcGxlY2EubnNjLmxpdS5z ZTEWMBQGA1UEAwwNTlNDIFNpbXBsZSBDQTAeFw0xNjEyMTUxMTAwMTRaFw0xNzEy MTUxMTAwMTRaMEYxDTALBgNVBAoMBEVTR0YxETAPBgNVBAsMCEVTR0YuT1JHMSIw IAYDVQQDDBllc2dmLW5vZGUuanBsLm5hc2EuZ292LUNBMIICIjANBgkqhkiG9w0B AQEFAAOCAg8AMIICCgKCAgEAw8f1Mel6ujolxiefzwJYaf23E6wc4yWNiOj/2fpK gO+Hl18rH6e2mt5aEjDBL5bieS6Fq4M9IvUpUrVWINaa+8W4QDLZAmousErd3DCL zmF8Mnqn27FHrGrVRcYNTrTZNKug/yBELmEeLHJUiU9h9mp6Gni1tsTArd3mK4WH RFDaIhFNc7r3GOwoLvo2IBfsKlikjJEYWVVV2vkMXFs9jTxYEkSjd88/p279+bWC QhSWQEBTz/LpLFsV+15Rai+Eechqb2AZuOEX4tR0yUERVt0OJUo5ENjfAzLxL3UH pL1gCVABh3U7Rp8QNvLmn6H364XG9gvM5SSo5QS5Hb5YkrPYeVr6cXix5NPszMOs EEf2xsFwQ4g94Aa22AqzliX46DPpDK8+KkSluSRNH9ykvnWs8LU1ejhX4uTmCz8E KQd9abR5V2L2HEWOxn82RfuGSk0sT0u5AEAVotJAtAp5SZm4dNRtye7uyCcCf2JJ g74geh4hUaXV6RSne1yyULjAkPXzxNt274pq2UR7CkpWii+vtBB7+lV6jQ93hWH8 5IIym85mhIvYfXLdOydiTPAWdJ76uwCPzoAJ8Wby/7zXJHmIl57KR9j7ZZr8Mj2y T8o8YJOWPXrdzXfzKMhAiotF25AvpGA7Ql2GUW/FU99KoJRsUYXqW9W/ZLBLZi28 KTUCAwEAAaNFMEMwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUBiC9xevZmQPD b/fOmZcZogPn4Y0wEQYJYIZIAYb4QgEBBAQDAgAHMA0GCSqGSIb3DQEBCwUAA4IC AQCClg7rsYzPV99V3+3OLETDaHKV3ndv/pW98ZSLQJ4yDiVD8OzEGe/wPBDOQV6R /fcFaR5vvvmbnhhfwJv3dHaNj+d+W1RZt5FOnNpZY9NBPZeEln+tt/lTOdefEelZ nZthpeVOndOwFHEpg/faowjcWESOvBAr7Apvla/Rq5bFgJrCszrNsG5OnOxepQXl lJv5iFEYPr5xhlUOcKUcayHfK64M2h9/9Dg2g6AkKxjiuN458IhiXOBjX0IdhP3O GT5mlpaVaQHnt/aYqluCqC4ekvIKYUxt1eh6G997clV8vOYFP1xJ9HTnK+Lb1D7a axiu+NBVyLvNrXzdsKaeu1KY5Cau5LGa20BChSDVg0+8szWZegHPof3Aa1qydNSr S6RAAGLZulMqApA+JFA5Zy/bnO34ISrHxKqzbYN90EgMS4TjiOox/y7xI5Z4WRcm 2KApq4NmIf/194kKGORXAfkD78v19NcC7iOeCqThp1gq+IcHiL+bgB9MrXr4E21/ GP67Y2RV/K+SU2odw9a25H3aLPzaiHTTRod2GoaSGY+ZXN5c7EaWRBQnSNCTBCn2 /SlLBVE98MYSeZwv82CoJW8Y/oIIfPoz54/CTJCwsJB/g9JexF6OnTiLWDo4TnJN +OoGyvkRDIQSDCcCV5/0RdUKDwwte2GvEJwz3RqSOUNisw== -----END CERTIFICATE----- docker-compose.yml +30 −6 Original line number Diff line number Diff line Loading @@ -48,9 +48,34 @@ services: - pg_data:/var/lib/pgsql/data # ESGF Data Node esgf-data-node: image: esgfhub/esgf-data-node:${ESGF_VERSION} container_name: data-node #esgf-data-node: # image: esgfhub/esgf-data-node:${ESGF_VERSION} # container_name: data-node # expose: # - "8080" # - "8443" # ports: # - "8080:8080" # - "8443:8443" # networks: # - default # - dbnetwork # volumes: # - tds_data:/esg/content/thredds # - $ESGF_CONFIG/webapps/thredds/WEB-INF/web.xml:/usr/local/tomcat/webapps/thredds/WEB-INF/web.xml # - $ESGF_DATA_DIR:/esg/data #- $ESGF_CONFIG/grid-security/certificates/:/etc/grid-security/certificates/ #- $ESGF_CONFIG/globus/certificate-file:/root/.globus/certificate-file # volumes_from: # - esgf-config # environment: # - ESGF_HOSTNAME # depends_on: # - esgf-postgres esgf-tds: image: esgfhub/esgf-tds:${ESGF_VERSION} container_name: tds expose: - "8080" - "8443" Loading @@ -64,8 +89,6 @@ services: - tds_data:/esg/content/thredds - $ESGF_CONFIG/webapps/thredds/WEB-INF/web.xml:/usr/local/tomcat/webapps/thredds/WEB-INF/web.xml - $ESGF_DATA_DIR:/esg/data #- $ESGF_CONFIG/grid-security/certificates/:/etc/grid-security/certificates/ #- $ESGF_CONFIG/globus/certificate-file:/root/.globus/certificate-file volumes_from: - esgf-config environment: Loading @@ -73,6 +96,7 @@ services: depends_on: - esgf-postgres # ESGF-Auth client esgf-auth: image: esgfhub/esgf-auth:${ESGF_VERSION} Loading esgf_config/httpd/conf/esgf-httpd.conf +4 −4 Original line number Diff line number Diff line Loading @@ -31,8 +31,8 @@ ServerName my.esgf.node ProxyPassReverse /esg-search ajp://esgf-index-node:8009/esg-search # proxy /thredds requests to Tomcat ProxyPass /thredds ajp://esgf-data-node:8009/thredds ProxyPassReverse /thredds ajp://esgf-data-node:8009/thredds ProxyPass /thredds ajp://esgf-tds:8009/thredds ProxyPassReverse /thredds ajp://esgf-tds:8009/thredds # proxy /esgf-stats-api requests to Tomcat ProxyPass /esgf-stats-api ajp://esgf-data-node:8009/esgf-stats-api Loading Loading @@ -88,8 +88,8 @@ WSGISocketPrefix run/wsgi ProxyPassReverse /esgf-idp ajp://esgf-idp-node:8009/esgf-idp ProxyPass /esg-search ajp://esgf-index-node:8009/esg-search ProxyPassReverse /esg-search ajp://esgf-index-node:8009/esg-search ProxyPass /thredds ajp://esgf-data-node:8009/thredds ProxyPassReverse /thredds ajp://esgf-data-node:8009/thredds ProxyPass /thredds ajp://esgf-tds:8009/thredds ProxyPassReverse /thredds ajp://esgf-tds:8009/thredds ProxyPass /esgf-stats-api ajp://esgf-data-node:8009/esgf-stats-api ProxyPassReverse /esgf-stats-api ajp://esgf-data-node:8009/esgf-stats-api # ProxyPass /esgf-dashboard ajp://localhost:8009/esgf-dashboard Loading scripts/change_password.sh +5 −3 Original line number Diff line number Diff line Loading @@ -29,6 +29,8 @@ docker exec -it cog /bin/bash -c "export ESGF_PASSWORD=${ESGF_PASSWORD} && /usr/ docker stop cog # change password inside (running) data-node container docker start data-node docker exec -it data-node /bin/bash -c "export ESGF_PASSWORD=${ESGF_PASSWORD} && /usr/local/bin/change_data_node_password.sh" docker stop data-node docker start tds docker exec -it tds /bin/bash -c "export ESGF_PASSWORD=${ESGF_PASSWORD} && /usr/local/bin/change_tds_password.sh" docker stop tds # TODO: change password in file esg.ini inside esgf-publisher container tds/Dockerfile 0 → 100644 +101 −0 Original line number Diff line number Diff line # Docker image containing the THREDDS Data Server (TDS) # customized with ESGF access control filters ARG ESGF_IMAGES_HUB=esgfhub ARG ESGF_VERSION=devel FROM $ESGF_IMAGES_HUB/esgf-tomcat:$ESGF_VERSION MAINTAINER ESGF <esgf-devel@lists.llnl.gov> # default ESGF repository ARG ESGF_REPO=http://distrib-coffee.ipsl.jussieu.fr/pub/esgf #============================================ # update system libraries RUN yum -y update; yum clean all # install TDS RUN mkdir -p /usr/local/tomcat/webapps/thredds #COPY thredds/thredds.war /usr/local/tomcat/webapps/thredds/thredds.war ADD $ESGF_REPO/dist/thredds/5.0/5.0.2/thredds.war /usr/local/tomcat/webapps/thredds/ RUN cd /usr/local/tomcat/webapps/thredds && \ jar xvf thredds.war && \ rm thredds.war && \ chown -R tomcat:tomcat /usr/local/tomcat/webapps/thredds # TDS configuration root RUN mkdir -p /esg/content/thredds # TDS memory configuration COPY conf/threddsConfig.xml /esg/content/thredds/threddsConfig.xml # ESGF root catalog COPY conf/catalog.xml /esg/content/thredds/catalog.xml-esgcet #COPY thredds/conf/esgcet/catalog.xml /esg/content/thredds/esgcet/catalog.xml RUN mkdir -p /esg/content/thredds/esgcet # TDS customized applicationContext.xml file with ESGF authorizer COPY conf/applicationContext.xml /usr/local/tomcat/webapps/thredds/WEB-INF/applicationContext.xml # TDS jars necessary to support ESGF security filters # some jars are retrieved from the ESGF repository # other jars are copied from the unpacked ORP or NM distributions #COPY thredds/jars/* $CATALINA_HOME/webapps/thredds/WEB-INF/lib/ ADD $ESGF_REPO/dist/filters/XSGroupRole-1.0.0.jar $CATALINA_HOME/webapps/thredds/WEB-INF/lib/XSGroupRole-1.0.0.jar ADD $ESGF_REPO/dist/filters/commons-httpclient-3.1.jar $CATALINA_HOME/webapps/thredds/WEB-INF/lib/commons-httpclient-3.1.jar ADD $ESGF_REPO/dist/filters/commons-lang-2.6.jar $CATALINA_HOME/webapps/thredds/WEB-INF/lib/commons-lang-2.6.jar # FIXME COPY etc/esg-orp-2.9.6.jar $CATALINA_HOME/webapps/thredds/WEB-INF/lib/esg-orp-2.9.6.jar #ADD $ESGF_REPO/dist/esg-orp/esg-orp-2.9.6.jar $CATALINA_HOME/webapps/thredds/WEB-INF/lib/esg-orp-2.9.6.jar ADD $ESGF_REPO/dist/esgf-node-manager/esgf-node-manager-common-1.0.0.jar $CATALINA_HOME/webapps/thredds/WEB-INF/lib/esgf-node-manager-common-1.0.0.jar ADD $ESGF_REPO/dist/esgf-node-manager/esgf-node-manager-filters-1.0.0.jar $CATALINA_HOME/webapps/thredds/WEB-INF/lib/esgf-node-manager-filters-1.0.0.jar ADD $ESGF_REPO/dist/esgf-security/esgf-security-2.7.10.jar $CATALINA_HOME/webapps/thredds/WEB-INF/lib/esgf-security-2.7.15.jar ADD $ESGF_REPO/dist/filters/jdom-legacy-1.1.3.jar $CATALINA_HOME/webapps/thredds/WEB-INF/lib/jdom-legacy-1.1.3.jar ADD $ESGF_REPO/dist/filters/opensaml-2.3.2.jar $CATALINA_HOME/webapps/thredds/WEB-INF/lib/opensaml-2.3.2.jar ADD $ESGF_REPO/dist/filters/openws-1.3.1.jar $CATALINA_HOME/webapps/thredds/WEB-INF/lib/openws-1.3.1.jar ADD $ESGF_REPO/dist/filters/xmltooling-1.2.2.jar $CATALINA_HOME/webapps/thredds/WEB-INF/lib/xmltooling-1.2.2.jar ADD $ESGF_REPO/artifacts/repositories/esgf-repo-share/xml-security/xmlsec/1.4.2/xmlsec-1.4.2.jar $CATALINA_HOME/webapps/thredds/WEB-INF/lib/xmlsec-1.4.2.jar ADD $ESGF_REPO/artifacts/repositories/esgf-repo-share/velocity/velocity/1.5/velocity-1.5.jar $CATALINA_HOME/webapps/thredds/WEB-INF/lib/velocity-1.5.jar ADD $ESGF_REPO/artifacts/repositories/esgf-repo-share/xalan/serializer/2.9.1/serializer-2.9.1.jar $CATALINA_HOME/webapps/thredds/WEB-INF/lib/serializer-2.9.1.jar ADD $ESGF_REPO/artifacts/repositories/esgf-repo-share/postgresql/postgresql/8.4-703.jdbc3/postgresql-8.4-703.jdbc3.jar $CATALINA_HOME/webapps/thredds/WEB-INF/lib/postgresql-8.4-703.jdbc3.jar # FIXME: must obtain missing jars from ORP and old NODE-MANAGER distributions ADD $ESGF_REPO/dist/esg-orp/esg-orp.war /tmp/esg-orp/esg-orp.war RUN cd /tmp/esg-orp && \ jar xvf esg-orp.war && \ cp WEB-INF/lib/xalan-2.7.2.jar $CATALINA_HOME/webapps/thredds/WEB-INF/lib/xalan-2.7.2.jar && \ cp WEB-INF/lib/xercesImpl-2.10.0.jar $CATALINA_HOME/webapps/thredds/WEB-INF/lib/xercesImpl-2.10.0.jar && \ cp WEB-INF/lib/xml-apis-1.4.01.jar $CATALINA_HOME/webapps/thredds/WEB-INF/lib/xml-apis-1.4.01.jar && \ cp WEB-INF/lib/commons-io-2.4.jar $CATALINA_HOME/webapps/thredds/WEB-INF/lib/commons-io-2.4.jar RUN rm -rf /tmp/esgf-orp ADD $ESGF_REPO/dist/esgf-node-manager/esgf-node-manager.war /tmp/esgf-node-manager/esgf-node-manager.war RUN cd /tmp/esgf-node-manager && \ jar xvf esgf-node-manager.war && \ cp WEB-INF/lib/commons-dbcp-1.4.jar $CATALINA_HOME/webapps/thredds/WEB-INF/lib/commons-dbcp-1.4.jar && \ cp WEB-INF/lib/commons-dbutils-1.3.jar $CATALINA_HOME/webapps/thredds/WEB-INF/lib/commons-dbutils-1.3.jar && \ cp WEB-INF/lib/commons-pool-1.5.4.jar $CATALINA_HOME/webapps/thredds/WEB-INF/lib/commons-pool-1.5.4.jar RUN rm -rf /tmp/esgf-node-manager # TDS customized logging (uses DEBUG) COPY conf/log4j2.xml /usr/local/tomcat/webapps/thredds/WEB-INF/classes/log4j2.xml # data node scripts COPY scripts/ /usr/local/bin/ # TDS test ESGF catalogs # COPY esgf-content/thredds/ /esg/content/thredds/ # TDS catalogs location #RUN mkdir -p /esg/content/thredds/esgcet # change ownership of content directory RUN chown -R tomcat:tomcat /esg/content/thredds/ # change ownership of source directory RUN chown -R tomcat:tomcat $CATALINA_HOME/webapps/thredds ENTRYPOINT /usr/local/bin/docker-entrypoint.sh Loading
data-node/globus/certificate-filedeleted 100644 → 0 +0 −87 Original line number Diff line number Diff line -----BEGIN CERTIFICATE----- MIIFADCCAuigAwIBAgICAoIwDQYJKoZIhvcNAQELBQAwRjENMAsGA1UECgwERVNH RjERMA8GA1UECwwIRVNHRi5PUkcxIjAgBgNVBAMMGWVzZ2Ytbm9kZS5qcGwubmFz YS5nb3YtQ0EwHhcNMTcwMjA4MTAzNzA4WhcNMTcwMjEwMTA0MjA4WjBlMQ0wCwYD VQQKEwRFU0dGMREwDwYDVQQLEwhFU0dGLk9SRzFBMD8GA1UEAxM4aHR0cHM6Ly9l c2dmLW5vZGUuanBsLm5hc2EuZ292L2VzZ2YtaWRwL29wZW5pZC9yb290QWRtaW4w ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbFYysdInKz3eOWwOE5lxw okjuCiXwcH58+n+CJJ7YDlTKN6oAwuEkgPTNHan3Hp41UvJDZuIS81e/np7jpyBl qH3V+uFsB+vUIH6A+rEZjGSlJB4lvfq8pHz8avm/O79dWa29iLBHRFcgf9tk2htR DapF8+Fx4VhS+R//gIg3vhC/KomgRbfo59i8pUSRNFJipvE9bs1XWad0/qP3rCe4 eZKC/B2ZCm4EDNwT6lCtXrxIUzMQofNDOmZVya6pJYxaBTNhL2bp+D/JsdRAbBRl Cg0Az9TitNbHKCV3NbZWOW1B0PwoPOEpPMA7qTnTpuNa51k5fZad2KnrcZIBmeDr AgMBAAGjgdgwgdUwgdIGCSoDBAQDAgEHCASBxAyBwWVzZy52by5ncm91cC5yb2xl cz1ncm91cF9OQVNBIE9CU19yb2xlX3VzZXI7Z3JvdXBfTkFTQSBPQlNfcm9sZV9z dXBlcjtncm91cF9OQVNBIE9CU19yb2xlX3B1Ymxpc2hlcjtncm91cF93aGVlbF9y b2xlX3N1cGVyOmVzZy52by5vcGVuaWQ9aHR0cHM6Ly9lc2dmLW5vZGUuanBsLm5h c2EuZ292L2VzZ2YtaWRwL29wZW5pZC9yb290QWRtaW4wDQYJKoZIhvcNAQELBQAD ggIBALVCmXyhWjreCVrPBnixdsEpEgb7wuBcjtSQZTymMLesiZBUDBYySyuNPQMe tRKehLgPLK3r9lJ6eh4arrBypLNQ5dhnGqPujBFaV19VLnTFrAY2hSWWSracLAWG bakX569zKD8caIh0fBrsZf43ICcUHs8hWnQi/xcZv2Uz5L6DWDnAYI1mkBEfY6pd v/0CxWknoAUbJ1Q2rWQ0uFiB+BI8G7TToVDU9tMfaNEorrj+ircgbFMP5+7/R1yA Tb5GpxG8qVCS+pvR+zL/KligPFLtNiINa4zvzS9397BEDnnHmJrBly0KjeaaLgqW dVsQhau5/yUDT5n/vn0jKual17AlSmX6HY4QXh+/hFIjOXlHGgdUXGEkxSgEO/Zc WNvVFO4K5m9f7O2rRh4MIh+fY6JcKCyHNkCEBC0zmIpC5jaM0N0bujV1aHQB2ubV lhGzWaUfDFhBph26UrFma/oh9Gok5fouiGc+M7c4y3A8ObBZaFO4RUnjkBJN0d2V tVQjhmiPWTWERmUA6XxApIWaKoWfH6VvdL+Zl2r9xDSHZPK2zpxUmm3jPR4j/43k DG8GAh65Gean6hUVrbHLWlZ7z9HDToWdlQoOFkbusXbqQnDEhFGM9ZGLgkUPCNKc mPTcNB6Y84fzGKcuxOg7DQGAykutq0bZpGPQxy0SREwRteea -----END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEA2xWMrHSJys93jlsDhOZccKJI7gol8HB+fPp/giSe2A5Uyjeq AMLhJID0zR2p9x6eNVLyQ2biEvNXv56e46cgZah91frhbAfr1CB+gPqxGYxkpSQe Jb36vKR8/Gr5vzu/XVmtvYiwR0RXIH/bZNobUQ2qRfPhceFYUvkf/4CIN74QvyqJ oEW36OfYvKVEkTRSYqbxPW7NV1mndP6j96wnuHmSgvwdmQpuBAzcE+pQrV68SFMz EKHzQzpmVcmuqSWMWgUzYS9m6fg/ybHUQGwUZQoNAM/U4rTWxygldzW2VjltQdD8 KDzhKTzAO6k506bjWudZOX2Wndip63GSAZng6wIDAQABAoIBAQCOeK4ZvFObY13R YpigRZpZ2P9qZYkUmmN3bQOco6n0wSUcuCRDCHiXX5FTDnZocS3baYyIjpB4WG14 /HNBgn7L/U2P6O3Nbj1LnrIFuIGRJr6QsjM0wh4brTBmij7NwNIKp/YXapuQTP4H 8X3AUSIwjJ1tjlLO1we0NbQ8WN68uBW7DgBakwtLcZG5YLzv3gmyflKto6Xcbu35 XjP1lprpTZSP48r0rlgLYfXEDh2p9fNWZ70tAmW9P7oZ7eDciUDmJkO++R6//lj+ TDuFQPLQdC3hxSjyRKLgFA6Zk9DOqxOdgtIgJ1AbRhUVleOoPbvxdXgkBicAPfX8 ShOIxuwpAoGBAP11ha3UlxsjNFRIk/2P93wN3XZGNZL1YJyoMI0LCoxsTsm2dSRY EJ/p++6P7fAvLcFMWdl5gsyIDZZYApjwH2nGGTfs4BINmHDlKw8sufn4bzPIDPYU l1KGzQd15AglKNbscU2/1WhDgdOR6AO+hp7equOUqhStUJ07ytPHnEVPAoGBAN1H zrqZXhNAb+q3y9+6UpQAfR2xmQnAe9FeOffVuWuUrVvrIRnLmlYJCwc/i80EBe2z iFqvX5Mkc61y5ACeYi3l5oE3YnbrD2DesUxmMfAIT5UZlIMiWAoEPDPdov85rFDF slX3Fb/YWiLdGCB81F2ZI1Lo+4rKhW3kJ9chmDulAoGAfTkiCacd3NeA1B9jloQZ dt32y6eWcnvu9pcWHakV1hjwuDIAICuuUwOsZ8oOeXsltPm+7nZdTCXv6Jak+eCw 9HZeIUZT0jeLWEOxCXdEjx7R+hhdZvr3ZFubUpNJTUjmq4D33bzod/HaY6gTpD3u jvFeJsBdY4fZa0WOSSG2sHsCgYBJ8LOwgI0B69c53D6gvLbZQ6yLHowfyRTWqiC+ osj5nM2s2E3QO8uPkigAPQiu8fg1LHeUreNG3LhWrfxoBISUB61VYjdhuzwBR4iB Gej35x8ImGqawwAeILopLpdHp3Lf7p+fwBehal78JVrpiCzCNeiqzLU49GFPjhyN 82jWDQKBgB57nBAKoBlonnQQOgKI62T4WQo5L5IdgdFnsI9Ev1FlexCTjA9e5j+e +gZHX3xgzi+KvXEuV6hcePLLpnuRce3DX4ypILyDp68mhJUR+yXJzIy000QFPZNQ uGltFF+ViWo0wmDzg50yDgR+jLBJP00JT/MPdBjG1WVsHQVXVmFy -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIFXjCCA0agAwIBAgIBbjANBgkqhkiG9w0BAQsFADBYMQ0wCwYDVQQKDARFU0dG MREwDwYDVQQLDAhFU0dGLk9SRzEcMBoGA1UECwwTc2ltcGxlY2EubnNjLmxpdS5z ZTEWMBQGA1UEAwwNTlNDIFNpbXBsZSBDQTAeFw0xNjEyMTUxMTAwMTRaFw0xNzEy MTUxMTAwMTRaMEYxDTALBgNVBAoMBEVTR0YxETAPBgNVBAsMCEVTR0YuT1JHMSIw IAYDVQQDDBllc2dmLW5vZGUuanBsLm5hc2EuZ292LUNBMIICIjANBgkqhkiG9w0B AQEFAAOCAg8AMIICCgKCAgEAw8f1Mel6ujolxiefzwJYaf23E6wc4yWNiOj/2fpK gO+Hl18rH6e2mt5aEjDBL5bieS6Fq4M9IvUpUrVWINaa+8W4QDLZAmousErd3DCL zmF8Mnqn27FHrGrVRcYNTrTZNKug/yBELmEeLHJUiU9h9mp6Gni1tsTArd3mK4WH RFDaIhFNc7r3GOwoLvo2IBfsKlikjJEYWVVV2vkMXFs9jTxYEkSjd88/p279+bWC QhSWQEBTz/LpLFsV+15Rai+Eechqb2AZuOEX4tR0yUERVt0OJUo5ENjfAzLxL3UH pL1gCVABh3U7Rp8QNvLmn6H364XG9gvM5SSo5QS5Hb5YkrPYeVr6cXix5NPszMOs EEf2xsFwQ4g94Aa22AqzliX46DPpDK8+KkSluSRNH9ykvnWs8LU1ejhX4uTmCz8E KQd9abR5V2L2HEWOxn82RfuGSk0sT0u5AEAVotJAtAp5SZm4dNRtye7uyCcCf2JJ g74geh4hUaXV6RSne1yyULjAkPXzxNt274pq2UR7CkpWii+vtBB7+lV6jQ93hWH8 5IIym85mhIvYfXLdOydiTPAWdJ76uwCPzoAJ8Wby/7zXJHmIl57KR9j7ZZr8Mj2y T8o8YJOWPXrdzXfzKMhAiotF25AvpGA7Ql2GUW/FU99KoJRsUYXqW9W/ZLBLZi28 KTUCAwEAAaNFMEMwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUBiC9xevZmQPD b/fOmZcZogPn4Y0wEQYJYIZIAYb4QgEBBAQDAgAHMA0GCSqGSIb3DQEBCwUAA4IC AQCClg7rsYzPV99V3+3OLETDaHKV3ndv/pW98ZSLQJ4yDiVD8OzEGe/wPBDOQV6R /fcFaR5vvvmbnhhfwJv3dHaNj+d+W1RZt5FOnNpZY9NBPZeEln+tt/lTOdefEelZ nZthpeVOndOwFHEpg/faowjcWESOvBAr7Apvla/Rq5bFgJrCszrNsG5OnOxepQXl lJv5iFEYPr5xhlUOcKUcayHfK64M2h9/9Dg2g6AkKxjiuN458IhiXOBjX0IdhP3O GT5mlpaVaQHnt/aYqluCqC4ekvIKYUxt1eh6G997clV8vOYFP1xJ9HTnK+Lb1D7a axiu+NBVyLvNrXzdsKaeu1KY5Cau5LGa20BChSDVg0+8szWZegHPof3Aa1qydNSr S6RAAGLZulMqApA+JFA5Zy/bnO34ISrHxKqzbYN90EgMS4TjiOox/y7xI5Z4WRcm 2KApq4NmIf/194kKGORXAfkD78v19NcC7iOeCqThp1gq+IcHiL+bgB9MrXr4E21/ GP67Y2RV/K+SU2odw9a25H3aLPzaiHTTRod2GoaSGY+ZXN5c7EaWRBQnSNCTBCn2 /SlLBVE98MYSeZwv82CoJW8Y/oIIfPoz54/CTJCwsJB/g9JexF6OnTiLWDo4TnJN +OoGyvkRDIQSDCcCV5/0RdUKDwwte2GvEJwz3RqSOUNisw== -----END CERTIFICATE-----
docker-compose.yml +30 −6 Original line number Diff line number Diff line Loading @@ -48,9 +48,34 @@ services: - pg_data:/var/lib/pgsql/data # ESGF Data Node esgf-data-node: image: esgfhub/esgf-data-node:${ESGF_VERSION} container_name: data-node #esgf-data-node: # image: esgfhub/esgf-data-node:${ESGF_VERSION} # container_name: data-node # expose: # - "8080" # - "8443" # ports: # - "8080:8080" # - "8443:8443" # networks: # - default # - dbnetwork # volumes: # - tds_data:/esg/content/thredds # - $ESGF_CONFIG/webapps/thredds/WEB-INF/web.xml:/usr/local/tomcat/webapps/thredds/WEB-INF/web.xml # - $ESGF_DATA_DIR:/esg/data #- $ESGF_CONFIG/grid-security/certificates/:/etc/grid-security/certificates/ #- $ESGF_CONFIG/globus/certificate-file:/root/.globus/certificate-file # volumes_from: # - esgf-config # environment: # - ESGF_HOSTNAME # depends_on: # - esgf-postgres esgf-tds: image: esgfhub/esgf-tds:${ESGF_VERSION} container_name: tds expose: - "8080" - "8443" Loading @@ -64,8 +89,6 @@ services: - tds_data:/esg/content/thredds - $ESGF_CONFIG/webapps/thredds/WEB-INF/web.xml:/usr/local/tomcat/webapps/thredds/WEB-INF/web.xml - $ESGF_DATA_DIR:/esg/data #- $ESGF_CONFIG/grid-security/certificates/:/etc/grid-security/certificates/ #- $ESGF_CONFIG/globus/certificate-file:/root/.globus/certificate-file volumes_from: - esgf-config environment: Loading @@ -73,6 +96,7 @@ services: depends_on: - esgf-postgres # ESGF-Auth client esgf-auth: image: esgfhub/esgf-auth:${ESGF_VERSION} Loading
esgf_config/httpd/conf/esgf-httpd.conf +4 −4 Original line number Diff line number Diff line Loading @@ -31,8 +31,8 @@ ServerName my.esgf.node ProxyPassReverse /esg-search ajp://esgf-index-node:8009/esg-search # proxy /thredds requests to Tomcat ProxyPass /thredds ajp://esgf-data-node:8009/thredds ProxyPassReverse /thredds ajp://esgf-data-node:8009/thredds ProxyPass /thredds ajp://esgf-tds:8009/thredds ProxyPassReverse /thredds ajp://esgf-tds:8009/thredds # proxy /esgf-stats-api requests to Tomcat ProxyPass /esgf-stats-api ajp://esgf-data-node:8009/esgf-stats-api Loading Loading @@ -88,8 +88,8 @@ WSGISocketPrefix run/wsgi ProxyPassReverse /esgf-idp ajp://esgf-idp-node:8009/esgf-idp ProxyPass /esg-search ajp://esgf-index-node:8009/esg-search ProxyPassReverse /esg-search ajp://esgf-index-node:8009/esg-search ProxyPass /thredds ajp://esgf-data-node:8009/thredds ProxyPassReverse /thredds ajp://esgf-data-node:8009/thredds ProxyPass /thredds ajp://esgf-tds:8009/thredds ProxyPassReverse /thredds ajp://esgf-tds:8009/thredds ProxyPass /esgf-stats-api ajp://esgf-data-node:8009/esgf-stats-api ProxyPassReverse /esgf-stats-api ajp://esgf-data-node:8009/esgf-stats-api # ProxyPass /esgf-dashboard ajp://localhost:8009/esgf-dashboard Loading
scripts/change_password.sh +5 −3 Original line number Diff line number Diff line Loading @@ -29,6 +29,8 @@ docker exec -it cog /bin/bash -c "export ESGF_PASSWORD=${ESGF_PASSWORD} && /usr/ docker stop cog # change password inside (running) data-node container docker start data-node docker exec -it data-node /bin/bash -c "export ESGF_PASSWORD=${ESGF_PASSWORD} && /usr/local/bin/change_data_node_password.sh" docker stop data-node docker start tds docker exec -it tds /bin/bash -c "export ESGF_PASSWORD=${ESGF_PASSWORD} && /usr/local/bin/change_tds_password.sh" docker stop tds # TODO: change password in file esg.ini inside esgf-publisher container
tds/Dockerfile 0 → 100644 +101 −0 Original line number Diff line number Diff line # Docker image containing the THREDDS Data Server (TDS) # customized with ESGF access control filters ARG ESGF_IMAGES_HUB=esgfhub ARG ESGF_VERSION=devel FROM $ESGF_IMAGES_HUB/esgf-tomcat:$ESGF_VERSION MAINTAINER ESGF <esgf-devel@lists.llnl.gov> # default ESGF repository ARG ESGF_REPO=http://distrib-coffee.ipsl.jussieu.fr/pub/esgf #============================================ # update system libraries RUN yum -y update; yum clean all # install TDS RUN mkdir -p /usr/local/tomcat/webapps/thredds #COPY thredds/thredds.war /usr/local/tomcat/webapps/thredds/thredds.war ADD $ESGF_REPO/dist/thredds/5.0/5.0.2/thredds.war /usr/local/tomcat/webapps/thredds/ RUN cd /usr/local/tomcat/webapps/thredds && \ jar xvf thredds.war && \ rm thredds.war && \ chown -R tomcat:tomcat /usr/local/tomcat/webapps/thredds # TDS configuration root RUN mkdir -p /esg/content/thredds # TDS memory configuration COPY conf/threddsConfig.xml /esg/content/thredds/threddsConfig.xml # ESGF root catalog COPY conf/catalog.xml /esg/content/thredds/catalog.xml-esgcet #COPY thredds/conf/esgcet/catalog.xml /esg/content/thredds/esgcet/catalog.xml RUN mkdir -p /esg/content/thredds/esgcet # TDS customized applicationContext.xml file with ESGF authorizer COPY conf/applicationContext.xml /usr/local/tomcat/webapps/thredds/WEB-INF/applicationContext.xml # TDS jars necessary to support ESGF security filters # some jars are retrieved from the ESGF repository # other jars are copied from the unpacked ORP or NM distributions #COPY thredds/jars/* $CATALINA_HOME/webapps/thredds/WEB-INF/lib/ ADD $ESGF_REPO/dist/filters/XSGroupRole-1.0.0.jar $CATALINA_HOME/webapps/thredds/WEB-INF/lib/XSGroupRole-1.0.0.jar ADD $ESGF_REPO/dist/filters/commons-httpclient-3.1.jar $CATALINA_HOME/webapps/thredds/WEB-INF/lib/commons-httpclient-3.1.jar ADD $ESGF_REPO/dist/filters/commons-lang-2.6.jar $CATALINA_HOME/webapps/thredds/WEB-INF/lib/commons-lang-2.6.jar # FIXME COPY etc/esg-orp-2.9.6.jar $CATALINA_HOME/webapps/thredds/WEB-INF/lib/esg-orp-2.9.6.jar #ADD $ESGF_REPO/dist/esg-orp/esg-orp-2.9.6.jar $CATALINA_HOME/webapps/thredds/WEB-INF/lib/esg-orp-2.9.6.jar ADD $ESGF_REPO/dist/esgf-node-manager/esgf-node-manager-common-1.0.0.jar $CATALINA_HOME/webapps/thredds/WEB-INF/lib/esgf-node-manager-common-1.0.0.jar ADD $ESGF_REPO/dist/esgf-node-manager/esgf-node-manager-filters-1.0.0.jar $CATALINA_HOME/webapps/thredds/WEB-INF/lib/esgf-node-manager-filters-1.0.0.jar ADD $ESGF_REPO/dist/esgf-security/esgf-security-2.7.10.jar $CATALINA_HOME/webapps/thredds/WEB-INF/lib/esgf-security-2.7.15.jar ADD $ESGF_REPO/dist/filters/jdom-legacy-1.1.3.jar $CATALINA_HOME/webapps/thredds/WEB-INF/lib/jdom-legacy-1.1.3.jar ADD $ESGF_REPO/dist/filters/opensaml-2.3.2.jar $CATALINA_HOME/webapps/thredds/WEB-INF/lib/opensaml-2.3.2.jar ADD $ESGF_REPO/dist/filters/openws-1.3.1.jar $CATALINA_HOME/webapps/thredds/WEB-INF/lib/openws-1.3.1.jar ADD $ESGF_REPO/dist/filters/xmltooling-1.2.2.jar $CATALINA_HOME/webapps/thredds/WEB-INF/lib/xmltooling-1.2.2.jar ADD $ESGF_REPO/artifacts/repositories/esgf-repo-share/xml-security/xmlsec/1.4.2/xmlsec-1.4.2.jar $CATALINA_HOME/webapps/thredds/WEB-INF/lib/xmlsec-1.4.2.jar ADD $ESGF_REPO/artifacts/repositories/esgf-repo-share/velocity/velocity/1.5/velocity-1.5.jar $CATALINA_HOME/webapps/thredds/WEB-INF/lib/velocity-1.5.jar ADD $ESGF_REPO/artifacts/repositories/esgf-repo-share/xalan/serializer/2.9.1/serializer-2.9.1.jar $CATALINA_HOME/webapps/thredds/WEB-INF/lib/serializer-2.9.1.jar ADD $ESGF_REPO/artifacts/repositories/esgf-repo-share/postgresql/postgresql/8.4-703.jdbc3/postgresql-8.4-703.jdbc3.jar $CATALINA_HOME/webapps/thredds/WEB-INF/lib/postgresql-8.4-703.jdbc3.jar # FIXME: must obtain missing jars from ORP and old NODE-MANAGER distributions ADD $ESGF_REPO/dist/esg-orp/esg-orp.war /tmp/esg-orp/esg-orp.war RUN cd /tmp/esg-orp && \ jar xvf esg-orp.war && \ cp WEB-INF/lib/xalan-2.7.2.jar $CATALINA_HOME/webapps/thredds/WEB-INF/lib/xalan-2.7.2.jar && \ cp WEB-INF/lib/xercesImpl-2.10.0.jar $CATALINA_HOME/webapps/thredds/WEB-INF/lib/xercesImpl-2.10.0.jar && \ cp WEB-INF/lib/xml-apis-1.4.01.jar $CATALINA_HOME/webapps/thredds/WEB-INF/lib/xml-apis-1.4.01.jar && \ cp WEB-INF/lib/commons-io-2.4.jar $CATALINA_HOME/webapps/thredds/WEB-INF/lib/commons-io-2.4.jar RUN rm -rf /tmp/esgf-orp ADD $ESGF_REPO/dist/esgf-node-manager/esgf-node-manager.war /tmp/esgf-node-manager/esgf-node-manager.war RUN cd /tmp/esgf-node-manager && \ jar xvf esgf-node-manager.war && \ cp WEB-INF/lib/commons-dbcp-1.4.jar $CATALINA_HOME/webapps/thredds/WEB-INF/lib/commons-dbcp-1.4.jar && \ cp WEB-INF/lib/commons-dbutils-1.3.jar $CATALINA_HOME/webapps/thredds/WEB-INF/lib/commons-dbutils-1.3.jar && \ cp WEB-INF/lib/commons-pool-1.5.4.jar $CATALINA_HOME/webapps/thredds/WEB-INF/lib/commons-pool-1.5.4.jar RUN rm -rf /tmp/esgf-node-manager # TDS customized logging (uses DEBUG) COPY conf/log4j2.xml /usr/local/tomcat/webapps/thredds/WEB-INF/classes/log4j2.xml # data node scripts COPY scripts/ /usr/local/bin/ # TDS test ESGF catalogs # COPY esgf-content/thredds/ /esg/content/thredds/ # TDS catalogs location #RUN mkdir -p /esg/content/thredds/esgcet # change ownership of content directory RUN chown -R tomcat:tomcat /esg/content/thredds/ # change ownership of source directory RUN chown -R tomcat:tomcat $CATALINA_HOME/webapps/thredds ENTRYPOINT /usr/local/bin/docker-entrypoint.sh
