forked from Internet2/tier-idp
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile.OpenJDK
154 lines (136 loc) · 5.03 KB
/
Dockerfile.OpenJDK
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
FROM centos:7
MAINTAINER Mark McCahill "[email protected]"
USER root
RUN yum -y update && \
yum -y install \
wget \
unzip; \
yum clean all
RUN cd /opt
################## start Oracle JDK ######################
#
#RUN wget --no-cookies --header "Cookie: oraclelicense=accept-securebackup-cookie;" \
# http://download.oracle.com/otn-pub/java/jdk/8u77-b03/jdk-8u77-linux-x64.tar.gz; \
# mkdir /usr/local/java ; \
# cd /usr/local/java ; \
# tar -xzf /jdk-8u77-linux-x64.tar.gz ; \
# rm /jdk-8u77-linux-x64.tar.gz ; \
# ln -s /usr/local/java/jdk1.8.0_77 /usr/local/java/jdk
#
#RUN echo 'export PATH="$PATH:/usr/local/java/jdk/bin"' > /etc/profile.d/java.sh ; \
# echo 'export JAVA_HOME=/usr/local/java/jdk' >> /etc/profile.d/java.sh
#
#### Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 8 Download
#
#RUN wget --no-cookies --header "Cookie: oraclelicense=accept-securebackup-cookie;" \
# http://download.oracle.com/otn-pub/java/jce/8/jce_policy-8.zip
#RUN cd /usr/local/java/jdk/jre/lib/security ; \
# mv /jce_policy-8.zip /usr/local/java/jdk/jre/lib/security ; \
# unzip jce_policy-8.zip ; \
# mv UnlimitedJCEPolicyJDK8/* ./ ; \
# rmdir UnlimitedJCEPolicyJDK8 ; \
# rm jce_policy-8.zip
#
# gratutious symbolic link to make it easy to switch between Oracle and OpenJDK
#
#RUN mkdir /usr/local/java; \
# ln -s /usr/local/java/jdk /usr/java/latest
#
#
################## end Oracle JDK ##################
################## start OpenJDK ######################
#
RUN yum -y update && \
yum -y install \
java-1.8.0-openjdk.x86_64 \
java-1.8.0-openjdk-devel.x86_64 ; \
mkdir /usr/java ; \
ln -s /etc/alternatives/java_sdk_1.8.0_openjdk /usr/java/jdk1.8.0_77 ; \
ln -s /usr/java/jdk1.8.0_77 /usr/java/latest ; \
yum clean all
#
################## end OpenJDK ##################
#
# tomcat
#
RUN yum -y update && \
yum -y install \
tomcat ; \
yum clean all
#
# Shibboleth IDP
#
RUN set -e ; \
mkdir /usr/local/dist ; \
cd /usr/local/dist ; \
wget http://shibboleth.net/downloads/identity-provider/latest/shibboleth-identity-provider-3.2.1.tar.gz ; \
wget http://shibboleth.net/downloads/identity-provider/latest/shibboleth-identity-provider-3.2.1.tar.gz.asc ; \
wget http://shibboleth.net/downloads/identity-provider/latest/shibboleth-identity-provider-3.2.1.tar.gz.sha256 ; \
wget https://shibboleth.net/downloads/PGP_KEYS ; \
gpg --import PGP_KEYS ; \
sha256sum --check shibboleth-identity-provider-3.2.1.tar.gz.sha256 ; \
gpg shibboleth-identity-provider-3.2.1.tar.gz.asc ; \
tar -xvzf shibboleth-identity-provider-3.2.1.tar.gz
RUN yum -y update && \
yum -y install \
openssl ; \
yum clean all
ADD ./configs /build-configs
#
# Install shibboleth IDP
#
RUN export JAVA_HOME=/usr/java/latest ; \
export KEYPASS=changeit ; \
export SEALPASS=changeit ; \
export SCOPE=testbed.tier.internet2.edu ; \
export HOST=idp.$SCOPE ; \
export ENTITYID=https://$HOST/idp/shibboleth ; \
cd /usr/local/dist ; \
export DIST=/usr/local/dist/shibboleth-identity-provider-3.2.1 ; \
export IDP_HOME=/opt/shibboleth-idp ; \
echo \# Properties controlling the installation of the Shibboleth IdP>$DIST/idp.install.properties ; \
export SFILE=$DIST/idp.merge.properties ; \
echo idp.scope=$SCOPE>>$SFILE ; \
echo idp.entityID=$ENTITYID>>$SFILE ; \
echo idp.sealer.storePassword=$SEALPASS>>$SFILE ; \
echo idp.sealer.keyPassword=$SEALPASS>>$SFILE ; \
$DIST/bin/install.sh \
-Didp.property.file=idp.install.properties \
-Didp.merge.properties=idp.merge.properties \
-Didp.src.dir=$DIST \
-Didp.target.dir=$IDP_HOME \
-Didp.scope=$SCOPE \
-Didp.host.name=$HOST \
-Didp.keystore.password=$KEYPASS \
-Didp.sealer.password=$SEALPASS \
-Didp.noprompt=true
RUN IDP_HOME=/opt/shibboleth-idp ; \
chgrp -R tomcat $IDP_HOME ; \
chmod -R g+r $IDP_HOME ; \
chmod g+w $IDP_HOME/logs ; \
chmod g+s $IDP_HOME/logs
#
# Install Java Server Tag Library
#
RUN wget https://build.shibboleth.net/nexus/service/local/repositories/thirdparty/content/javax/servlet/jstl/1.2/jstl-1.2.jar \
-P /usr/share/tomcat/lib/
#
# Deploy to Tomcat
#
RUN cp /build-configs/idp.xml /etc/tomcat/Catalina/localhost/
#
# things we need assuming we end up running systemd
#
ENV container docker
RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
rm -f /lib/systemd/system/multi-user.target.wants/*;\
rm -f /etc/systemd/system/*.wants/*;\
rm -f /lib/systemd/system/local-fs.target.wants/*; \
rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
rm -f /lib/systemd/system/basic.target.wants/*;\
rm -f /lib/systemd/system/anaconda.target.wants/*;
VOLUME [ "/sys/fs/cgroup" ]
RUN systemctl enable tomcat.service
EXPOSE 8080
CMD ["/usr/sbin/init"]