Loading images/base/Dockerfile +0 −1 Original line number Diff line number Diff line Loading @@ -11,7 +11,6 @@ ENV ESGF_HOME /esg ENV ESGF_CONFIG_DIR $ESGF_HOME/config ENV ESGF_CERT_DIR $ESGF_HOME/certificates ENV ESGF_INIT_DIR $ESGF_HOME/init.d RUN mkdir -p $ESGF_CONFIG_DIR && mkdir -p $ESGF_CERT_DIR && mkdir -p $ESGF_INIT_DIR # Create the esgf user that will be used to run apps ENV ESGF_UID 1000 Loading images/orp/01-keystore.sh +16 −14 Original line number Diff line number Diff line Loading 
@@ -10,27 +10,29 @@ set -eo pipefail # Create a temporary file for openssl to put random state export RANDFILE="$(mktemp)" KEYSTORE_ALIAS="${ESGF_KEYSTORE_ALIAS:-esgf-self}" KEYSTORE_FILE="$ESGF_HOME/tomcat/hostcert.p12" export ESGF_KEYSTORE_ALIAS="${ESGF_KEYSTORE_ALIAS:-esgf-self}" export ESGF_KEYSTORE_FILE="${ESGF_KEYSTORE_FILE:-$ESGF_HOME/tomcat/hostcert.p12}" # Generate a random keystore password for this container run KEYSTORE_PASSWORD="$(openssl rand -hex 32)" export ESGF_KEYSTORE_PASSWORD="$(openssl rand -hex 32)" ESGF_HOSTCERT_CERT_FILE="${ESGF_HOSTCERT_CERT_FILE:-$ESGF_HOME/hostcert/tls.crt}" ESGF_HOSTCERT_KEY_FILE="${ESGF_HOSTCERT_KEY_FILE:-$ESGF_HOME/hostcert/tls.key}" # Create the keystore echo "[info] Creating PKCS12 bundle for host certificate and key" mkdir -p "$(dirname "$ESGF_KEYSTORE_FILE")" openssl pkcs12 -export \ -name "$KEYSTORE_ALIAS" \ -out "$KEYSTORE_FILE" \ -in "$ESGF_HOSTCERT_DIR/tls.crt" \ -inkey "$ESGF_HOSTCERT_DIR/tls.key" \ -password "pass:$KEYSTORE_PASSWORD" -name "$ESGF_KEYSTORE_ALIAS" \ -out "$ESGF_KEYSTORE_FILE" \ -in "$ESGF_HOSTCERT_CERT_FILE" \ -inkey "$ESGF_HOSTCERT_KEY_FILE" \ -password "pass:$ESGF_KEYSTORE_PASSWORD" rm -rf "$RANDFILE" unset RANDFILE # Configure the ORP to use it echo "[info] Configuring ORP to use PKCS12 bundle" CATALINA_EXTRA_OPTS="-Desg.orp.keystore.file=$KEYSTORE_FILE" CATALINA_EXTRA_OPTS="$CATALINA_EXTRA_OPTS -Desg.orp.keystore.alias=$KEYSTORE_ALIAS" CATALINA_EXTRA_OPTS="$CATALINA_EXTRA_OPTS -Desg.orp.keystore.password=$KEYSTORE_PASSWORD" export CATALINA_EXTRA_OPTS # echo "[info] Configuring ORP to use PKCS12 bundle" # CATALINA_EXTRA_OPTS="-Desg.orp.keystore.file=$KEYSTORE_FILE" # CATALINA_EXTRA_OPTS="$CATALINA_EXTRA_OPTS -Desg.orp.keystore.alias=$KEYSTORE_ALIAS" # CATALINA_EXTRA_OPTS="$CATALINA_EXTRA_OPTS -Desg.orp.keystore.password=$KEYSTORE_PASSWORD" # export CATALINA_EXTRA_OPTS images/orp/Dockerfile +0 −1 Original line number Diff line number Diff line Loading 
@@ -16,6 +16,5 @@ FROM ${ESGF_REPOSITORY_BASE}/tomcat-builder:${ESGF_IMAGES_VERSION} as builder FROM ${ESGF_REPOSITORY_BASE}/tomcat-runtime:${ESGF_IMAGES_VERSION} # Install custom config and startup scripts ENV ESGF_HOSTCERT_DIR $ESGF_HOME/hostcert COPY 01-keystore.sh $ESGF_INIT_DIR/ COPY esg-orp.properties $CATALINA_HOME/webapps/esg-orp/WEB-INF/classes/ images/orp/esg-orp.properties +4 −4 Original line number Diff line number Diff line keystoreFile=${esg.orp.keystore.file} keystorePassword=${esg.orp.keystore.password} keystoreAlias=${esg.orp.keystore.alias} keystoreFile=${env:ESGF_KEYSTORE_FILE} keystorePassword=${env:ESGF_KEYSTORE_PASSWORD} keystoreAlias=${env:ESGF_KEYSTORE_ALIAS} orp.provider.list=/esg/config/esgf_known_providers.xml orp.provider.list=${env:ESGF_CONFIG_DIR}/esgf_known_providers.xml images/tomcat-runtime/Dockerfile +2 −1 Original line number Diff line number Diff line Loading @@ -20,7 +20,8 @@ RUN mkdir -p $CATALINA_HOME WORKDIR $CATALINA_HOME # Make a config directory that is writable by the esgf user RUN mkdir -p $ESGF_HOME/tomcat && chown $ESGF_USER:$ESGF_GROUP $ESGF_HOME/tomcat RUN mkdir -p $ESGF_HOME/tomcat && \ chown $ESGF_USER:$ESGF_GROUP $ESGF_HOME/tomcat # Install JRE RUN yum makecache && \ Loading Loading
images/base/Dockerfile +0 −1 Original line number Diff line number Diff line Loading @@ -11,7 +11,6 @@ ENV ESGF_HOME /esg ENV ESGF_CONFIG_DIR $ESGF_HOME/config ENV ESGF_CERT_DIR $ESGF_HOME/certificates ENV ESGF_INIT_DIR $ESGF_HOME/init.d RUN mkdir -p $ESGF_CONFIG_DIR && mkdir -p $ESGF_CERT_DIR && mkdir -p $ESGF_INIT_DIR # Create the esgf user that will be used to run apps ENV ESGF_UID 1000 Loading
images/orp/01-keystore.sh +16 −14 Original line number Diff line number Diff line Loading @@ -10,27 +10,29 @@ set -eo pipefail # Create a temporary file for openssl to put random state export RANDFILE="$(mktemp)" KEYSTORE_ALIAS="${ESGF_KEYSTORE_ALIAS:-esgf-self}" KEYSTORE_FILE="$ESGF_HOME/tomcat/hostcert.p12" export ESGF_KEYSTORE_ALIAS="${ESGF_KEYSTORE_ALIAS:-esgf-self}" export ESGF_KEYSTORE_FILE="${ESGF_KEYSTORE_FILE:-$ESGF_HOME/tomcat/hostcert.p12}" # Generate a random keystore password for this container run KEYSTORE_PASSWORD="$(openssl rand -hex 32)" export ESGF_KEYSTORE_PASSWORD="$(openssl rand -hex 32)" ESGF_HOSTCERT_CERT_FILE="${ESGF_HOSTCERT_CERT_FILE:-$ESGF_HOME/hostcert/tls.crt}" ESGF_HOSTCERT_KEY_FILE="${ESGF_HOSTCERT_KEY_FILE:-$ESGF_HOME/hostcert/tls.key}" # Create the keystore echo "[info] Creating PKCS12 bundle for host certificate and key" mkdir -p "$(dirname "$ESGF_KEYSTORE_FILE")" openssl pkcs12 -export \ -name "$KEYSTORE_ALIAS" \ -out "$KEYSTORE_FILE" \ -in "$ESGF_HOSTCERT_DIR/tls.crt" \ -inkey "$ESGF_HOSTCERT_DIR/tls.key" \ -password "pass:$KEYSTORE_PASSWORD" -name "$ESGF_KEYSTORE_ALIAS" \ -out "$ESGF_KEYSTORE_FILE" \ -in "$ESGF_HOSTCERT_CERT_FILE" \ -inkey "$ESGF_HOSTCERT_KEY_FILE" \ -password "pass:$ESGF_KEYSTORE_PASSWORD" rm -rf "$RANDFILE" unset RANDFILE # Configure the ORP to use it echo "[info] Configuring ORP to use PKCS12 bundle" CATALINA_EXTRA_OPTS="-Desg.orp.keystore.file=$KEYSTORE_FILE" CATALINA_EXTRA_OPTS="$CATALINA_EXTRA_OPTS -Desg.orp.keystore.alias=$KEYSTORE_ALIAS" CATALINA_EXTRA_OPTS="$CATALINA_EXTRA_OPTS -Desg.orp.keystore.password=$KEYSTORE_PASSWORD" export CATALINA_EXTRA_OPTS # echo "[info] Configuring ORP to use PKCS12 bundle" # CATALINA_EXTRA_OPTS="-Desg.orp.keystore.file=$KEYSTORE_FILE" # CATALINA_EXTRA_OPTS="$CATALINA_EXTRA_OPTS -Desg.orp.keystore.alias=$KEYSTORE_ALIAS" # CATALINA_EXTRA_OPTS="$CATALINA_EXTRA_OPTS -Desg.orp.keystore.password=$KEYSTORE_PASSWORD" # export CATALINA_EXTRA_OPTS
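Review bot: `export ESGF_KEYSTORE_PASSWORD="$(openssl rand -hex 32)"` hides a failure of `openssl rand` from `set -e`, because the exit status of `export` replaces that of the command substitution; the plain assignment it replaces did not mask it, and a failure here would go on to build the keystore with an empty password. Assign first and export afterwards: `ESGF_KEYSTORE_PASSWORD="$(openssl rand -hex 32)"` followed by `export ESGF_KEYSTORE_PASSWORD`. Since the variable is now exported, the `openssl pkcs12` call can read it with `-password env:ESGF_KEYSTORE_PASSWORD` instead of `pass:…`, which keeps the password out of the process argument list. The bundle holds the host private key and is written with the default umask, so a `umask 077` before `openssl pkcs12 -export` (or a `chmod 600` on `$ESGF_KEYSTORE_FILE` after it) is worth adding. The script starts above the hunk, and the old/new side of each line is inferred from the rendered page.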
images/orp/Dockerfile +0 −1 Original line number Diff line number Diff line Loading @@ -16,6 +16,5 @@ FROM ${ESGF_REPOSITORY_BASE}/tomcat-builder:${ESGF_IMAGES_VERSION} as builder FROM ${ESGF_REPOSITORY_BASE}/tomcat-runtime:${ESGF_IMAGES_VERSION} # Install custom config and startup scripts ENV ESGF_HOSTCERT_DIR $ESGF_HOME/hostcert COPY 01-keystore.sh $ESGF_INIT_DIR/ COPY esg-orp.properties $CATALINA_HOME/webapps/esg-orp/WEB-INF/classes/
images/orp/esg-orp.properties +4 −4 Original line number Diff line number Diff line keystoreFile=${esg.orp.keystore.file} keystorePassword=${esg.orp.keystore.password} keystoreAlias=${esg.orp.keystore.alias} keystoreFile=${env:ESGF_KEYSTORE_FILE} keystorePassword=${env:ESGF_KEYSTORE_PASSWORD} keystoreAlias=${env:ESGF_KEYSTORE_ALIAS} orp.provider.list=/esg/config/esgf_known_providers.xml orp.provider.list=${env:ESGF_CONFIG_DIR}/esgf_known_providers.xml
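Review bot: `keystorePassword=${env:ESGF_KEYSTORE_PASSWORD}` and the other `${env:…}` entries only work if whatever loads esg-orp.properties resolves the `env:` prefix and if 01-keystore.sh has exported the variables into the Tomcat process environment; neither is visible in this commit, and an unresolved placeholder would presumably be used as a literal string. The file should say where the values come from, for example `# ESGF_KEYSTORE_* are exported by 01-keystore.sh at container start; the password is generated per run`. An exported password is inherited by every child process of the init script, so the set of processes started from that environment should stay limited to Tomcat.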
images/tomcat-runtime/Dockerfile +2 −1 Original line number Diff line number Diff line Loading @@ -20,7 +20,8 @@ RUN mkdir -p $CATALINA_HOME WORKDIR $CATALINA_HOME # Make a config directory that is writable by the esgf user RUN mkdir -p $ESGF_HOME/tomcat && chown $ESGF_USER:$ESGF_GROUP $ESGF_HOME/tomcat RUN mkdir -p $ESGF_HOME/tomcat && \ chown $ESGF_USER:$ESGF_GROUP $ESGF_HOME/tomcat # Install JRE RUN yum makecache && \ Loading