This repository has been archived by the owner on Jul 17, 2023. It is now read-only.
forked from cloudfoundry/uaa
/
Dockerfile
173 lines (162 loc) · 10.5 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
FROM ubuntu:18.04
RUN apt-get update && apt-get install -y --no-install-recommends \
curl jq git lsb-release unzip vim sudo \
apt-transport-https apt-utils ca-certificates gnupg \
&& apt-get autoremove -yqq && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
# unzip used once
ENV DEBIAN_FRONTEND=noninteractive
ENV APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=true
# JAVA
ENV JAVA_HOME /usr/lib/jvm/java-bellsoft-amd64
ENV PATH "${JAVA_HOME}/bin:${PATH}"
RUN JAVA_MAJOR_VERSION="11" \
&& JDK_METADATA="jdk-metadata.json" \
&& curl -sLo "${JDK_METADATA}" "https://api.bell-sw.com/v1/liberica/releases?version-modifier=latest&os=linux&release-type=lts&bitness=64&package-type=tar.gz&bundle-type=jdk&arch=x86" \
&& JDK_VERSION="$(jq -r ".[] | select(.featureVersion | contains("${JAVA_MAJOR_VERSION}")).version" "${JDK_METADATA}")" \
&& JDK_ARCHIVE_URL="$(jq -r ".[] | select(.featureVersion | contains("${JAVA_MAJOR_VERSION}")).downloadUrl" "${JDK_METADATA}")" \
&& JDK_ARCHIVE="$(basename "${JDK_ARCHIVE_URL}")" \
&& curl -sLo "${JDK_ARCHIVE}" "${JDK_ARCHIVE_URL}" \
&& mkdir -p "${JAVA_HOME}" \
&& tar -xf "${JDK_ARCHIVE}" -C "${JAVA_HOME}" --strip-components=1 \
&& rm -rf "${JDK_ARCHIVE}" "${JDK_METADATA}" \
&& "${JAVA_HOME}"/bin/java -version
#/JAVA
# CHROME; see https://github.com/justinribeiro/dockerfiles/blob/c87217ebfeced3f0088f6559b799ed85f495ddff/chrome-headless/Dockerfile#L31-L51
RUN curl -sSL https://dl.google.com/linux/linux_signing_key.pub | apt-key add - \
&& echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" > /etc/apt/sources.list.d/google-chrome.list \
&& apt-get update \
&& apt-get install -y --no-install-recommends \
google-chrome-stable \
fontconfig \
fonts-ipafont-gothic \
fonts-wqy-zenhei \
fonts-thai-tlwg \
fonts-kacst \
fonts-symbola \
fonts-noto \
libgconf-2-4 \
libxss1 \
libasound2 \
libnss3-tools \
&& apt-get install -y --no-install-recommends libosmesa6 \
&& ln -s /usr/lib/x86_64-linux-gnu/libOSMesa.so.8 \
/opt/google/chrome/libosmesa.so \
&& apt-get install -y --no-install-recommends libatk-bridge2.0-0 \
&& ln -s /usr/lib/x86_64-linux-gnu/libatk-bridge-2.0.so.0 \
/opt/google/chrome/ \
&& apt-get install -y --no-install-recommends libgtk-3-0 \
&& ln -s /usr/lib/x86_64-linux-gnu/libgtk-3.so.0 \
/opt/google/chrome/ \
&& apt-get install -y --no-install-recommends libgdk3.0-cil \
&& ln -s /usr/lib/x86_64-linux-gnu/libgdk-3.so.0 \
/opt/google/chrome/ \
&& export CHROMEDRIVER_VERSION=$(curl -sS chromedriver.storage.googleapis.com/LATEST_RELEASE_$(google-chrome --version | cut -f 3 -d ' ' | cut -f 1,2,3 -d '.')) \
&& curl -sfLO https://chromedriver.storage.googleapis.com/${CHROMEDRIVER_VERSION}/chromedriver_linux64.zip \
&& unzip chromedriver_linux64.zip -d /usr/bin/ \
&& rm chromedriver_linux64.zip \
&& ln -s /usr/bin/chromedriver /usr/local/bin/ \
&& apt-get autoremove -yqq && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
# ^ TODO: WHY IS THE BINARY NEEDED IN TWO PLACES?
#/CHROME
# LDAP; see https://help.ubuntu.com/lts/serverguide/openldap-server.html
RUN apt-get update && apt-get install -y --no-install-recommends \
gnutls-bin slapd ldap-utils ssl-cert \
&& apt-get autoremove -yqq && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \
&& certtool --generate-privkey > /etc/ssl/private/cakey.pem \
&& echo "cn = Pivotal Software Test" >> /etc/ssl/ca.info \
&& echo " ca" >> /etc/ssl/ca.info \
&& echo " cert_signing_key" >> /etc/ssl/ca.info \
&& certtool --generate-self-signed --load-privkey /etc/ssl/private/cakey.pem --template /etc/ssl/ca.info --outfile /etc/ssl/certs/cacert.pem \
&& certtool --generate-privkey --bits 1024 --outfile /etc/ssl/private/ldap01_slapd_key.pem \
&& echo "organization = Pivotal Software Test" >> /etc/ssl/ldap01.info \
&& echo " cn = ldap01.example.com" >> /etc/ssl/ldap01.info \
&& echo " tls_www_server" >> /etc/ssl/ldap01.info \
&& echo " encryption_key" >> /etc/ssl/ldap01.info \
&& echo " signing_key" >> /etc/ssl/ldap01.info \
&& echo " expiration_days = 3650" >> /etc/ssl/ldap01.info \
&& certtool --generate-certificate --load-privkey /etc/ssl/private/ldap01_slapd_key.pem --load-ca-certificate /etc/ssl/certs/cacert.pem --load-ca-privkey /etc/ssl/private/cakey.pem --template /etc/ssl/ldap01.info --outfile /etc/ssl/certs/ldap01_slapd_cert.pem \
&& adduser openldap ssl-cert \
&& chgrp ssl-cert /etc/ssl/private/ldap01_slapd_key.pem \
&& chmod 0640 /etc/ssl/private/ldap01_slapd_key.pem \
&& echo "dn: cn=config" >> /etc/ssl/certinfo.ldif \
&& echo "changetype: modify" >> /etc/ssl/certinfo.ldif \
&& echo "add: olcTLSCACertificateFile" >> /etc/ssl/certinfo.ldif \
&& echo "olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem" >> /etc/ssl/certinfo.ldif \
&& echo "-" >> /etc/ssl/certinfo.ldif \
&& echo "add: olcTLSCertificateFile" >> /etc/ssl/certinfo.ldif \
&& echo "olcTLSCertificateFile: /etc/ssl/certs/ldap01_slapd_cert.pem" >> /etc/ssl/certinfo.ldif \
&& echo "-" >> /etc/ssl/certinfo.ldif \
&& echo "add: olcTLSCertificateKeyFile" >> /etc/ssl/certinfo.ldif \
&& echo "olcTLSCertificateKeyFile: /etc/ssl/private/ldap01_slapd_key.pem" >> /etc/ssl/certinfo.ldif \
&& service slapd start \
&& ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/ssl/certinfo.ldif \
&& sed -i "s/^SLAPD_SERVICES.*/SLAPD_SERVICES=\"ldap\:\/\/\/ ldapi\:\/\/\/ ldaps\:\/\/\/\"/g" /etc/default/slapd \
&& echo "#!/usr/bin/env bash" >> /bin/start-slapd \
&& echo "set -eu -o pipefail" >> /bin/start-slapd \
&& echo "echo '# docker build will not persist /etc/hosts' >> /etc/hosts" >> /bin/start-slapd \
&& echo "echo '# ------------- UAA DNS ------------- #' >> /etc/hosts" >> /bin/start-slapd \
&& echo "echo '127.0.0.1 oidcloginit.localhost' >> /etc/hosts" >> /bin/start-slapd \
&& echo "echo '127.0.0.1 testzone1.localhost' >> /etc/hosts" >> /bin/start-slapd \
&& echo "echo '127.0.0.1 testzone2.localhost' >> /etc/hosts" >> /bin/start-slapd \
&& echo "echo '127.0.0.1 testzone3.localhost' >> /etc/hosts" >> /bin/start-slapd \
&& echo "echo '127.0.0.1 testzone4.localhost' >> /etc/hosts" >> /bin/start-slapd \
&& echo "echo '127.0.0.1 testzoneinactive.localhost' >> /etc/hosts" >> /bin/start-slapd \
&& echo "echo '127.0.0.1 testzonedoesnotexist.localhost' >> /etc/hosts" >> /bin/start-slapd \
&& echo "echo '# ------------- UAA DNS ------------- #' >> /etc/hosts" >> /bin/start-slapd \
&& echo "pgrep slapd || service slapd start" >> /bin/start-slapd \
&& chmod 0755 /bin/start-slapd
#/LDAP
# DATABASES
# DATABASES-POSTGRESQL
RUN apt-get update && apt-get install -y --no-install-recommends \
postgresql postgresql-contrib \
&& apt-get autoremove -yqq && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \
&& echo "#!/usr/bin/env bash" >> /bin/start-postgresql \
&& echo "set -eu -o pipefail" >> /bin/start-postgresql \
&& echo "service postgresql start" >> /bin/start-postgresql \
&& echo "while ! sudo -u postgres psql -c 'select 1'; do sleep 1; done;" >> /bin/start-postgresql \
&& chmod 0755 /bin/start-postgresql
#/DATABASES-POSTGRESQL
# DATABASES-MYSQL-OR-PERCONA
RUN export PERCONA_DEB="percona-release_latest.$(lsb_release -sc)_all.deb" \
&& curl -sLo ${PERCONA_DEB} https://repo.percona.com/apt/${PERCONA_DEB} \
&& dpkg -i ${PERCONA_DEB} && rm ${PERCONA_DEB} \
&& apt-get update && apt-get install -y --no-install-recommends \
# MYSQL - collides with PERCONA
mysql-server \
# MYSQL - collides with PERCONA
# PERCONA - collides with MYSQL
# percona-server-server-5.7 mysql-client \
#/PERCONA - collides with MYSQL
&& apt-get autoremove -yqq && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \
&& sudo mysql_ssl_rsa_setup --uid=mysql \
&& echo "#!/usr/bin/env bash" >> /bin/start-mysql \
&& echo "set -eu -o pipefail" >> /bin/start-mysql \
&& echo "find /var/lib/mysql -type f -exec touch {} \; && service mysql start" >> /bin/start-mysql \
&& echo "while ! mysql -e 'select 1'; do sleep 1; done;" >> /bin/start-mysql \
&& chmod 0755 /bin/start-mysql
# DATABASES-MYSQL-OR-PERCONA
#/DATABASES
# PROJECT_SETUP
ENV DB_NAME=uaa
ENV DB_USER=root
ENV DB_PASS=changeme
ENV NUM_DBS=24
RUN /bin/start-mysql \
&& echo "[mysql]" >> "${HOME}/.my.cnf" \
&& echo "password=${DB_PASS}" >> "${HOME}/.my.cnf" \
&& mysql -e "ALTER USER '${DB_USER}'@'localhost' IDENTIFIED WITH mysql_native_password BY '${DB_PASS}';" \
# -----------^ change root from `auth_socket` to `mysql_native_password` so that `-h 127.0.0.1` works
&& mysql -e "CREATE DATABASE ${DB_NAME} DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;" \
&& for i in $(seq 1 ${NUM_DBS}); do mysql -e "CREATE DATABASE ${DB_NAME}_${i} DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;" ; done
RUN /bin/start-postgresql \
&& sudo -u postgres psql -c "CREATE USER ${DB_USER} WITH SUPERUSER PASSWORD '${DB_PASS}';" \
&& sudo -u postgres createdb "${DB_USER}" \
&& sudo -u postgres createdb "${DB_NAME}" \
&& for i in $(seq 1 ${NUM_DBS}); do sudo -u postgres createdb "${DB_NAME}_${i}" ; done
COPY ldap_db_init.ldif copy_of-uaa_src_main_resources_ldap_init.ldif /ldap/
RUN /bin/start-slapd \
&& ldapadd -Y EXTERNAL -H ldapi:/// -f /ldap/ldap_db_init.ldif \
&& ldapadd -x -D 'cn=admin,dc=test,dc=com' -w password -f /ldap/copy_of-uaa_src_main_resources_ldap_init.ldif \
&& rm -rf /ldap/
#/PROJECT_SETUP