From deb4ab9dce581448d787992fcaa479f38576cc35 Mon Sep 17 00:00:00 2001
From: Mustafa Baser
Date: Wed, 20 Dec 2023 21:20:03 +0300
Subject: [PATCH] feat(jans-linux-setup): jans-lock installer
Signed-off-by: Mustafa Baser
---
jans-linux-setup/jans_setup/jans_setup.py | 7 +-
.../jans_setup/setup_app/config.py | 1 +
.../data/jetty_app_configuration.json | 20 ++++-
.../jans_setup/setup_app/installers/base.py | 3 +-
.../jans_setup/setup_app/installers/jans.py | 16 ++--
.../setup_app/installers/jans_lock.py | 77 +++++++++++++++++++
.../jans_setup/setup_app/installers/jetty.py | 1 +
.../jans_setup/setup_app/setup_options.py | 3 +
.../jans_setup/setup_app/utils/arg_parser.py | 2 +
.../setup_app/utils/properties_utils.py | 29 ++++++-
.../static/system/systemd/jans-lock.service | 13 ++++
.../templates/apache/https_jans.conf | 7 ++
.../jans-lock/{lock.ldif => config.ldif} | 0
.../{jans-lock-errors.json => errors.json} | 0
.../jans_setup/templates/jetty/jans-lock | 11 +++
15 files changed, 177 insertions(+), 13 deletions(-)
create mode 100644 jans-linux-setup/jans_setup/setup_app/installers/jans_lock.py
create mode 100644 jans-linux-setup/jans_setup/static/system/systemd/jans-lock.service
rename jans-linux-setup/jans_setup/templates/jans-lock/{lock.ldif => config.ldif} (100%)
rename jans-linux-setup/jans_setup/templates/jans-lock/{jans-lock-errors.json => errors.json} (100%)
create mode 100644 jans-linux-setup/jans_setup/templates/jetty/jans-lock
diff --git a/jans-linux-setup/jans_setup/jans_setup.py b/jans-linux-setup/jans_setup/jans_setup.py
index ffbee70d683..ff960384242 100755
--- a/jans-linux-setup/jans_setup/jans_setup.py
+++ b/jans-linux-setup/jans_setup/jans_setup.py
@@ -148,7 +148,7 @@ def ami_packaged(): from setup_app.installers.jans_casa import CasaInstaller from setup_app.installers.jans_saml import JansSamlInstaller - + from setup_app.installers.jans_lock import JansLockInstaller from setup_app.installers.config_api import ConfigApiInstaller from setup_app.installers.jans_cli import JansCliInstaller @@ -271,6 +271,7 @@ def ami_packaged(): jans_link_installer = JansLinkInstaller() jans_keycloak_link_installer = JansKCLinkInstaller() jans_saml_installer = JansSamlInstaller() + jans_lock_installer = JansLockInstaller() jansCliInstaller = JansCliInstaller() @@ -470,6 +471,10 @@ def do_installation(): not Config.installed_instance and Config.get(jans_saml_installer.install_var)): jans_saml_installer.start_installation() + if (Config.installed_instance and jans_lock_installer.install_var in Config.addPostSetupService) or ( + not Config.installed_instance and Config.get(jans_lock_installer.install_var)): + jans_lock_installer.start_installation() + # if (Config.installed_instance and 'installOxd' in Config.addPostSetupService) or (not Config.installed_instance and Config.installOxd): # oxdInstaller.start_installation() jansInstaller.post_install_before_saving_properties() diff --git a/jans-linux-setup/jans_setup/setup_app/config.py b/jans-linux-setup/jans_setup/setup_app/config.py index 018050bf5f9..7adf4d58b21 100644 --- a/jans-linux-setup/jans_setup/setup_app/config.py +++ b/jans-linux-setup/jans_setup/setup_app/config.py @@ -208,6 +208,7 @@ def progress(self, service_name, msg, incr=False): self.allowPreReleasedFeatures = False self.install_jans_saml = False self.install_jans_keycloak_link = False + self.install_jans_lock = False # backward compatibility self.os_type = base.os_type diff --git a/jans-linux-setup/jans_setup/setup_app/data/jetty_app_configuration.json b/jans-linux-setup/jans_setup/setup_app/data/jetty_app_configuration.json index 66f566e46da..a259bf4b73a 100644 
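Review bot: `install_jans_lock` gets a default in the config.py hunk, but the second switch this patch introduces, `install_jans_lock_as_server`, does not: it is only assigned in the interactive prompt in properties_utils.py and is read in jans_lock.py, in `order_services` in jans.py, and in the memory table in jetty.py. The setup_options.py and arg_parser.py hunks likewise expose only `--install-jans-lock`, so as far as this patch shows an unattended install cannot select server mode and always ends up loading the plugin into jans-auth. I would add `self.install_jans_lock_as_server = False` next to the new default and a matching entry (name to be chosen) in setup_options.py and arg_parser.py, so the deployment mode is explicit and recorded. The enclosing block starts outside the hunk.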
--- a/jans-linux-setup/jans_setup/setup_app/data/jetty_app_configuration.json +++ b/jans-linux-setup/jans_setup/setup_app/data/jetty_app_configuration.json @@ -15,7 +15,7 @@ "memory": { "max_allowed_mb": 512, "jvm_heap_ration": 0.7, - "ratio": 0.10 + "ratio": 0.08 }, "jetty": { "modules": "server,deploy,resources,http,http-forwarded,threadpool,console-capture,jsp" @@ -39,7 +39,7 @@ "memory": { "max_allowed_mb": 1024, "jvm_heap_ration": 0.7, - "ratio": 0.10 + "ratio": 0.08 }, "jetty": { "modules": "server,deploy,resources,http,http-forwarded,console-capture,jsp,websocket" @@ -63,7 +63,7 @@ "memory": { "max_allowed_mb": 1024, "jvm_heap_ration": 0.7, - "ratio": 0.10 + "ratio": 0.08 }, "jetty": { "modules": "server,deploy,resources,http,http-forwarded,console-capture,jsp,websocket" @@ -88,12 +88,24 @@ "memory": { "max_allowed_mb": 1024, "jvm_heap_ration": 0.7, - "ratio": 0.10 + "ratio": 0.08 }, "jetty": { "modules": "server,deploy,resources,http,http-forwarded,console-capture,jsp,websocket" }, "installed": false, "name": "jans-keycloak-link" + }, + "jans-lock": { + "memory": { + "max_allowed_mb": 1024, + "jvm_heap_ration": 0.7, + "ratio": 0.08 + }, + "jetty": { + "modules": "server,deploy,resources,http,http-forwarded,console-capture,jsp,websocket" + }, + "installed": false, + "name": "jans-lock" } } diff --git a/jans-linux-setup/jans_setup/setup_app/installers/base.py b/jans-linux-setup/jans_setup/setup_app/installers/base.py index d05be4052d0..7b0b1ac9a25 100644 --- a/jans-linux-setup/jans_setup/setup_app/installers/base.py +++ b/jans-linux-setup/jans_setup/setup_app/installers/base.py @@ -49,7 +49,8 @@ def start_installation(self): def render_unit_file(self, unit=None): # render unit file - + if getattr(self, 'no_unit_file', False): + return units = self.get_systemd_service_list(unit) for unit in units: 
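Review bot: The new early return in `render_unit_file` (base.py) keys off `no_unit_file`, an attribute that is not declared on the base installer class and only comes into existence as a side effect of `JansLockInstaller.install()` taking the plugin branch. The guard therefore works only if `install()` has already run when `render_unit_file()` is called; that ordering lives in `start_installation`, which is outside this hunk, so it should be confirmed. Declaring `no_unit_file = False` as a class attribute and testing `if self.no_unit_file:` would make the contract visible, and the existing `# render unit file` comment could become a docstring such as `"""Render the systemd unit file(s) for this service; skipped when no_unit_file is set."""`. The method body continues past the end of the hunk.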
diff --git a/jans-linux-setup/jans_setup/setup_app/installers/jans.py b/jans-linux-setup/jans_setup/setup_app/installers/jans.py index 340a8a12fd7..e6c0e0a4f19 100644 --- a/jans-linux-setup/jans_setup/setup_app/installers/jans.py +++ b/jans-linux-setup/jans_setup/setup_app/installers/jans.py @@ -77,12 +77,15 @@ def get_install_string(prefix, install_var): txt += get_install_string('Install Auth Server', 'installOxAuth') txt += get_install_string('Install Jans Config API', 'install_config_api') if Config.profile == 'jans': - txt += get_install_string('Install Fido2 Server', 'installFido2') - txt += get_install_string('Install Scim Server', 'install_scim_server') - txt += get_install_string('Install Jans Link Server', 'install_jans_link') - txt += get_install_string('Install Jans KC Link Server', 'install_jans_keycloak_link') - txt += get_install_string('Install Jans Casa Server', 'install_casa') - txt += get_install_string('Install Jans SAML', 'install_jans_saml') + for prompt_str, install_var in ( + ('Install Fido2 Server', 'installFido2'), + ('Install Scim Server', 'install_scim_server'), + ('Install Jans Link Server', 'install_jans_link'), + ('Install Jans KC Link Server', 'install_jans_keycloak_link'), + ('Install Jans Casa Server', 'install_casa'), + ('Install Jans Lock', 'install_jans_lock'), + ('Install Jans SAML', 'install_jans_saml')): + txt += get_install_string(prompt_str, install_var) if Config.profile == 'jans' and Config.installEleven: @@ -637,6 +640,7 @@ def order_services(self): ('jans-fido2', 'installFido2'), ('jans-link', 'install_jans_link'), ('jans-scim', 'install_scim_server'), + ('jans-lock', 'install_jans_lock_as_server'), ('saml', 'install_jans_saml'), ('jans-keycloak-link', 'install_jans_keycloak_link'), ] diff --git a/jans-linux-setup/jans_setup/setup_app/installers/jans_lock.py b/jans-linux-setup/jans_setup/setup_app/installers/jans_lock.py new file mode 100644 index 00000000000..fead8c3d94a --- /dev/null 
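Review bot: The confirmation summary in the first jans.py hunk gains an 'Install Jans Lock' line, but nothing shows which mode was chosen, while `order_services` in the second hunk keys on `install_jans_lock_as_server`. Server mode adds a separate Jetty service and an Apache-proxied endpoint, whereas plugin mode loads a jar into jans-auth, so the operator should be able to see the choice before confirming. Adding `('Install Jans Lock as Server', 'install_jans_lock_as_server'),` to the tuple would do it, provided `get_install_string` (defined outside this hunk) tolerates a key that may have no default in Config.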
+++ b/jans-linux-setup/jans_setup/setup_app/installers/jans_lock.py 
@@ -0,0 +1,77 @@ +import os +import glob +import shutil +from pathlib import Path + +from setup_app import paths +from setup_app.utils import base +from setup_app.static import AppType, InstallOption +from setup_app.config import Config +from setup_app.installers.jetty import JettyInstaller + +Config.jans_lock_port = '8076' + +class JansLockInstaller(JettyInstaller): + + source_files = [ + (os.path.join(Config.dist_jans_dir, 'jans-lock.war'), os.path.join(base.current_app.app_info['JANS_MAVEN'], 'maven/io/jans/jans-lock-server/{0}/jans-lock-server-{0}.war').format(base.current_app.app_info['jans_version'])), + (os.path.join(Config.dist_jans_dir, 'jans-lock-service.jar'), os.path.join(base.current_app.app_info['JANS_MAVEN'], 'maven/io/jans/jans-lock-service/{0}/jans-lock-service-{0}.jar').format(base.current_app.app_info['jans_version'])), + ] + + def __init__(self): + setattr(base.current_app, self.__class__.__name__, self) + self.service_name = 'jans-lock' + self.needdb = True + self.app_type = AppType.SERVICE + self.install_type = InstallOption.OPTONAL + self.install_var = 'install_jans_lock' + self.register_progess() + + self.output_dir = os.path.join(Config.output_dir, self.service_name) + self.template_dir = os.path.join(Config.templateFolder, self.service_name) + self.dynamic_conf_json = os.path.join(self.output_dir, 'dynamic-conf.json') + self.error_json = os.path.join(self.output_dir, 'errors.json') + self.static_conf_json = os.path.join(self.output_dir, 'static-conf.json') + self.config_ldif = os.path.join(self.output_dir, 'config.ldif') + + def install(self): + + if Config.get('install_jans_lock_as_server'): + self.install_as_server() + else: + self.no_unit_file = True + self.install_as_service() + + + def install_as_server(self): + self.installJettyService(self.jetty_app_configuration[self.service_name], True) + self.logIt(f"Copying {self.source_files[0][0]} into jetty webapps folder...") + self.copyFile(self.source_files[0][0], 
self.jetty_service_webapps) + self.enable() + + def install_as_service(self): + plugin_name = os.path.basename(self.source_files[1][0]) + self.logIt(f"Adding plugin {plugin_name} to jans-auth") + self.copyFile(self.source_files[1][0], base.current_app.JansAuthInstaller.custom_lib_dir) + plugin_class_path = os.path.join(base.current_app.JansAuthInstaller.custom_lib_dir, plugin_name) + base.current_app.JansAuthInstaller.add_extra_class(plugin_class_path) + self.chown(plugin_class_path, Config.jetty_user, Config.jetty_group) + + + def render_import_templates(self): + + self.renderTemplateInOut(self.dynamic_conf_json, self.template_dir, self.output_dir) + self.renderTemplateInOut(self.error_json, self.template_dir, self.output_dir) + self.renderTemplateInOut(self.static_conf_json, self.template_dir, self.output_dir) + + Config.templateRenderingDict['lock_dynamic_conf_base64'] = self.generate_base64_file(self.dynamic_conf_json, 1) + Config.templateRenderingDict['lock_error_base64'] = self.generate_base64_file(self.error_json, 1) + Config.templateRenderingDict['lock_static_conf_base64'] = self.generate_base64_file(self.static_conf_json, 1) + + self.renderTemplateInOut(self.config_ldif, self.template_dir, self.output_dir) + + ldif_files = [self.config_ldif] + self.dbUtils.import_ldif(ldif_files) + + def installed(self): + return os.path.exists(self.jetty_service_webapps) or os.path.exists(os.path.join(base.current_app.JansAuthInstaller.custom_lib_dir, os.path.basename(self.source_files[1][0]))) diff --git a/jans-linux-setup/jans_setup/setup_app/installers/jetty.py b/jans-linux-setup/jans_setup/setup_app/installers/jetty.py index 99b668d9224..6d2831d7a4a 100644 --- a/jans-linux-setup/jans_setup/setup_app/installers/jetty.py +++ b/jans-linux-setup/jans_setup/setup_app/installers/jetty.py 
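Review bot: In `install_as_service` the plugin jar that is put on the jans-auth classpath is handed to the runtime account with `self.chown(plugin_class_path, Config.jetty_user, Config.jetty_group)`, which leaves code loaded by the auth server replaceable by the same account the server runs as. Unless something outside this file tightens it, I would keep root as owner and give the service read-only access through the group, e.g. `self.chown(plugin_class_path, 'root', Config.jetty_group)` together with a group-readable, non-writable mode. Separately, `glob`, `shutil`, `Path` and `paths` are imported but never used in this file, and a class docstring describing the two modes (standalone Jetty server vs. jans-auth plugin) would help, since `install()` falls through to plugin mode whenever `install_jans_lock_as_server` is unset or false.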
@@ -339,6 +339,7 @@ def calculate_selected_aplications_memory(self): ('installFido2', 'jans-fido2'), ('install_config_api', 'jans-config-api'), ('installEleven', 'jans-eleven'), + ('install_jans_lock_as_server', 'jans-lock'), ]: if Config.get(config_var) and service in self.jetty_app_configuration: diff --git a/jans-linux-setup/jans_setup/setup_app/setup_options.py b/jans-linux-setup/jans_setup/setup_app/setup_options.py index 42923987ac0..fee3ab21696 100644 --- a/jans-linux-setup/jans_setup/setup_app/setup_options.py +++ b/jans-linux-setup/jans_setup/setup_app/setup_options.py @@ -22,6 +22,7 @@ def get_setup_options(): 'install_jans_keycloak_link': False, 'install_casa': False, 'install_jans_saml': False, + 'install_jans_lock': False, 'loadTestData': False, 'allowPreReleasedFeatures': False, 'listenAllInterfaces': False, @@ -115,6 +116,8 @@ def get_setup_options(): setupOptions['install_casa'] = True if base.argsp.install_jans_saml: setupOptions['install_jans_saml'] = True + if base.argsp.install_jans_lock: + setupOptions['install_jans_lock'] = True if base.argsp.jans_max_mem: setupOptions['jans_max_mem'] = base.argsp.jans_max_mem diff --git a/jans-linux-setup/jans_setup/setup_app/utils/arg_parser.py b/jans-linux-setup/jans_setup/setup_app/utils/arg_parser.py index 406ef7029bd..21e2dc38de8 100644 --- a/jans-linux-setup/jans_setup/setup_app/utils/arg_parser.py +++ b/jans-linux-setup/jans_setup/setup_app/utils/arg_parser.py @@ -101,6 +101,8 @@ parser.add_argument('--with-casa', help="Install Jans Casa Server", action='store_true') parser.add_argument('--install-jans-saml', help="Install Jans SAML", action='store_true') + parser.add_argument('--install-jans-lock', help="Install Jans Lock", action='store_true') + #parser.add_argument('--oxd-use-jans-storage', help="Use Jans Storage for Oxd Server", action='store_true') parser.add_argument('--load-config-api-test', help="Load Config Api Test Data", action='store_true') 
diff --git a/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py b/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py index 443469c4252..9cd2bbb0b57 100644 --- a/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py +++ b/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py @@ -647,6 +647,33 @@ def prompt_to_install(self, install_var): return True + + def pompt_for_jans_lock(self): + if not self.prompt_to_install('install_jans_lock'): + return + + prompt = self.getPrompt("Install Jans Lock?", + self.getDefaultOption(Config.install_jans_lock) + )[0].lower() + + + + if prompt == 'y': + prompt = self.getPrompt("Install Jans Lock as Server?", + self.getDefaultOption(Config.install_jans_lock) + )[0].lower() + if prompt == 'y': + Config.install_jans_lock = True + Config.install_jans_lock_as_server = True + else: + prompt = self.getPrompt("Install Jans Lock as Auth Service?", self.getDefaultOption(True))[0].lower() + if prompt == 'y': + Config.install_jans_lock = True + + + if Config.installed_instance and Config.install_jans_lock: + Config.addPostSetupService.append('install_jans_lock') + def prompt_for_jans_saml(self): if not self.prompt_to_install('install_jans_saml'): return @@ -1016,7 +1043,7 @@ def promptForProperties(self): self.prompt_for_jans_link() self.prompt_for_jans_keycloak_link() self.prompt_for_casa() - + self.pompt_for_jans_lock() self.prompt_for_jans_saml() #self.promptForEleven() #if (not Config.installOxd) and Config.oxd_package: diff --git a/jans-linux-setup/jans_setup/static/system/systemd/jans-lock.service b/jans-linux-setup/jans_setup/static/system/systemd/jans-lock.service new file mode 100644 index 00000000000..6517080f7cc --- /dev/null +++ b/jans-linux-setup/jans_setup/static/system/systemd/jans-lock.service 
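Review bot: `pompt_for_jans_lock` only ever assigns `True`: answering no to 'Install Jans Lock?' (or no to both mode questions) leaves `Config.install_jans_lock` and `Config.install_jans_lock_as_server` at whatever they held before, so a value set earlier survives a refusal and, on an installed instance, still gets `install_jans_lock` appended to `Config.addPostSetupService`. I would derive both flags from the answers and assign them unconditionally, as sketched below. The method name is also misspelled relative to its `prompt_for_*` siblings; renaming it means updating the call in `promptForProperties` in the second hunk as well.

```python
    def pompt_for_jans_lock(self):
        if not self.prompt_to_install('install_jans_lock'):
            return

        default_answer = self.getDefaultOption(Config.install_jans_lock)
        install_lock = self.getPrompt("Install Jans Lock?", default_answer)[0].lower() == 'y'
        as_server = install_lock and \
            self.getPrompt("Install Jans Lock as Server?", default_answer)[0].lower() == 'y'
        as_plugin = install_lock and not as_server and \
            self.getPrompt("Install Jans Lock as Auth Service?", self.getDefaultOption(True))[0].lower() == 'y'

        # Assign unconditionally so a "no" answer clears any earlier value.
        Config.install_jans_lock = as_server or as_plugin
        Config.install_jans_lock_as_server = as_server

        # … unchanged: addPostSetupService bookkeeping for installed instances …
```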
@@ -0,0 +1,13 @@
+[Unit]
+Description=Janssen Lock Service
+After=%(order_jans_lock_service)s
+
+[Service]
+Type=forking
+ExecStart=/opt/dist/scripts/jans-lock start
+ExecStop=/opt/dist/scripts/jans-lock stop
+User=jetty
+Group=jetty
+
+[Install]
+WantedBy=multi-user.target
diff --git a/jans-linux-setup/jans_setup/templates/apache/https_jans.conf b/jans-linux-setup/jans_setup/templates/apache/https_jans.conf
index 14234d41dcb..324695f3f08 100644
--- a/jans-linux-setup/jans_setup/templates/apache/https_jans.conf
+++ b/jans-linux-setup/jans_setup/templates/apache/https_jans.conf
@@ -103,6 +103,13 @@ Allow from all + + Header edit Set-Cookie ^((?!opbs|session_state).*)$ $1;HttpOnly + ProxyPass http://localhost:%(jans_lock_port)s/jans-lock retry=5 connectiontimeout=60 timeout=60 + Order deny,allow + Allow from all + + SSLVerifyClient optional_no_ca SSLVerifyDepth 10
diff --git a/jans-linux-setup/jans_setup/templates/jans-lock/lock.ldif b/jans-linux-setup/jans_setup/templates/jans-lock/config.ldif
similarity index 100%
rename from jans-linux-setup/jans_setup/templates/jans-lock/lock.ldif
rename to jans-linux-setup/jans_setup/templates/jans-lock/config.ldif
diff --git a/jans-linux-setup/jans_setup/templates/jans-lock/jans-lock-errors.json b/jans-linux-setup/jans_setup/templates/jans-lock/errors.json
similarity index 100%
rename from jans-linux-setup/jans_setup/templates/jans-lock/jans-lock-errors.json
rename to jans-linux-setup/jans_setup/templates/jans-lock/errors.json
diff --git a/jans-linux-setup/jans_setup/templates/jetty/jans-lock b/jans-linux-setup/jans_setup/templates/jetty/jans-lock
new file mode 100644
index 00000000000..aec37412e06
--- /dev/null
+++ b/jans-linux-setup/jans_setup/templates/jetty/jans-lock
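Review bot: The new unit hard-codes `User=jetty` and `Group=jetty`, while the rest of this patch takes the account from configuration (`JETTY_USER=%(jetty_user)s` in templates/jetty/jans-lock, `Config.jetty_user` and `Config.jetty_group` in jans_lock.py). The file is already rendered as a template (`After=%(order_jans_lock_service)s`), so `User=%(jetty_user)s` and `Group=%(jetty_group)s` would keep the service account consistent, assuming both keys are available to the renderer. Because this service is reachable through the Apache proxy, it is also worth considering `NoNewPrivileges=true` under `[Service]`, after checking that the start script does not depend on privilege changes.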
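Review bot: The new proxy rule to `http://localhost:%(jans_lock_port)s/jans-lock` is added to the shared vhost template with nothing in this hunk tying it to `install_jans_lock_as_server`, so it appears to be rendered even when Lock runs as a jans-auth plugin or is not installed at all. In those cases the public path forwards to a loopback port (`'8076'` per jans_lock.py) that the Lock service does not own, and whatever else binds that port would be published through the HTTPS front end. I would render the stanza only in server mode, or failing that add a comment explaining why it is unconditional. The container tags around the added directives are not visible in the hunk as shown here; `Order deny,allow` / `Allow from all` match the file's existing style, though on Apache 2.4 the native form is `Require all granted`.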
@@ -0,0 +1,11 @@
+JAVA_HOME=%(jre_home)s
+JAVA=$JAVA_HOME/bin/java
+JAVA_OPTIONS="-server -Xms%(jans-lock_min_heap_mem)sm -Xmx%(jans-lock_max_heap_mem)sm -XX:+DisableExplicitGC -Djans.base=%(jansBaseFolder)s -Dserver.base=%(jetty_base)s/jans-lock -Dlog.base=%(jetty_base)s/jans-lock -Dpython.home=%(jython_home)s"
+
+JETTY_HOME=%(jetty_home)s
+JETTY_BASE=%(jetty_base)s/jans-lock
+JETTY_USER=%(jetty_user)s
+JETTY_ARGS="jetty.http.host=localhost jetty.http.port=%(jans_lock_port)s"
+TMPDIR=%(jetty_dist)s/temp
+
+export PYTHON_HOME=%(jython_home)s