Showing
with 370 additions and 280 deletions
# vim: set filetype=conf :
#See: https://blog.techsoc.io/adventures-in-shibboleth-and-nginx-part-2-of-2-6455a7f1d026
include fastcgi_params;
# Replace `fastcgi_param` with `sgci_param`, `uwsgi_param` or similar
# directive for use with different upstreams. Consult the relevant upstream
# documentation for more information on environment parameters.
#
# Auth-Type is configured as authType in
# https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPContentSettings.
# Other default SP variables are as per
# https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPAttributeAccess#NativeSPAttributeAccess-CustomSPVariables
shib_request_set $shib_auth_type $upstream_http_variable_auth_type;
fastcgi_param Auth-Type $shib_auth_type;
shib_request_set $shib_shib_application_id $upstream_http_variable_shib_application_id;
fastcgi_param Shib-Application-ID $shib_shib_application_id;
shib_request_set $shib_shib_authentication_instant $upstream_http_variable_shib_authentication_instant;
fastcgi_param Shib-Authentication-Instant $shib_shib_authentication_instant;
shib_request_set $shib_shib_authentication_method $upstream_http_variable_shib_authentication_method;
fastcgi_param Shib-Authentication-Method $shib_shib_authentication_method;
shib_request_set $shib_shib_authncontext_class $upstream_http_variable_shib_authncontext_class;
fastcgi_param Shib-AuthnContext-Class $shib_shib_authncontext_class;
shib_request_set $shib_shib_authncontext_decl $upstream_http_variable_shib_authncontext_decl;
fastcgi_param Shib-AuthnContext-Decl $shib_shib_authncontext_decl;
shib_request_set $shib_shib_identity_provider $upstream_http_variable_shib_identity_provider;
fastcgi_param Shib-Identity-Provider $shib_shib_identity_provider;
shib_request_set $shib_shib_session_id $upstream_http_variable_shib_session_id;
fastcgi_param Shib-Session-ID $shib_shib_session_id;
shib_request_set $shib_shib_session_index $upstream_http_variable_shib_session_index;
fastcgi_param Shib-Session-Index $shib_shib_session_index;
shib_request_set $shib_remote_user $upstream_http_variable_remote_user;
fastcgi_param Remote-User $shib_remote_user;
#
# CLARIN Supported attributes
#
#mail (1 values)
#eduPersonTargetedID (1 values)
#organizationName (1 values)
#displayName (1 values)
#oid-eduPersonPrincipalName (1 values)
#cn (1 values)
#eduPersonScopedAffiliation (1 values)
#eduPersonEntitlement (1 values)
#persistent-id (1 values)
shib_request_set $shib_mail $upstream_http_variable_mail;
fastcgi_param Mail $shib_mail;
shib_request_set $shib_eptid $upstream_http_variable_edupersontargetedid;
fastcgi_param EduPersonTargetedID $shib_eptid;
shib_request_set $shib_o $upstream_http_variable_organizationname;
fastcgi_param OrganizationName $shib_o;
shib_request_set $shib_displayname $upstream_http_variable_displayname;
fastcgi_param DisplayName $shib_displayname;
shib_request_set $shib_eppn $upstream_http_variable_eppn;
fastcgi_param EduPersonPrincipalName $shib_eppn;
shib_request_set $shib_cn $upstream_http_variable_cn;
fastcgi_param cn $shib_cn;
shib_request_set $shib_epsa $upstream_http_variable_edupersonscopedaffiliation;
fastcgi_param EduPersonScopedAffiliation $shib_epsa;
shib_request_set $shib_epent $upstream_http_variable_edupersonentitlement;
fastcgi_param EduPersonEntitlement $shib_epent;
shib_request_set $shib_pid $upstream_http_variable_persistent_id;
fastcgi_param Persistent-Id $shib_pid;
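Review bot: The comment on the fourth line of the file names a `sgci_param` directive that does not exist; nginx's SCGI module directive is `scgi_param`, so it should read `# Replace \`fastcgi_param\` with \`scgi_param\`, \`uwsgi_param\` or similar`. Every value here is copied from a `$upstream_http_variable_*` returned by the authorizer subrequest, and that is the only reason the `Remote-User`/`Shib-*` params can be trusted; a header comment such as `# All values below come from the shibauthorizer subrequest, never from client-supplied headers` makes that contract explicit for whoever copies this into another location block. Note that the test CGI touched elsewhere in this revision now reads `HTTP_SHIB_*` and `HTTP_REMOTE_USER`, which fcgiwrap derives from request headers rather than from the `Shib-*` params set here, so it is worth confirming the two mechanisms actually line up.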
......@@ -70,7 +70,7 @@ sub render_table_rows {
sub dump_shibboleth_attributes {
my $debug_env = shift;
my @keys = sort(keys(%ENV));
my @attrs = grep(!m/^(HTTPS|SERVER_|SCRIPT_|PATH|QUERY_STRING|GATEWAY|DOCUMENT_ROOT|REMOTE|REQUEST|HTTP_|AUTH_TYPE|Shib_)/i, @keys);
my @shib = grep(m/Shib_/i, @keys);
......@@ -100,9 +100,13 @@ sub dump_shibboleth_assertions {
'Raw SAML Assertion(s)', '</th>', '</tr>';
my $j = 0;
my $browser = LWP::UserAgent->new;
$browser->ssl_opts( 'verify_hostname' => 0 );
ASSERTION:
for (my $i = 1; $i <= $count; $i++) {
my $url = $ENV{sprintf('Shib_Assertion_%02d', $i)};
my $url = $ENV{sprintf('HTTP_SHIB_ASSERTION_%02d', $i)};
my $eurac_host = "https://" . $ENV{"SERVER_NAME"};
$url =~ s#$eurac_host#https://127.0.0.1#;
next ASSERTION unless defined ($url);
print '<tr class="', ($j++ % 2 == 0 ? 'even' : 'odd'), '">';
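Review bot: The added rewrite `$url =~ s#$eurac_host#https://127.0.0.1#;` runs before `next ASSERTION unless defined ($url);`, so a missing `HTTP_SHIB_ASSERTION_NN` variable now raises an uninitialized-value warning on the substitution before the loop skips it; move the `next` above the two new lines. The substitution also interpolates `$ENV{"SERVER_NAME"}` into the pattern unescaped, so it should be `$url =~ s{\Q$eurac_host\E}{https://127.0.0.1};`. `ssl_opts( 'verify_hostname' => 0 )` switches off certificate checking for the assertion fetch; the target is loopback so the exposure is limited, but if the same public certificate is served on 127.0.0.1, IO::Socket::SSL's `SSL_verifycn_name => $ENV{'SERVER_NAME'}` (passed through `ssl_opts`) keeps verification on while still connecting locally. The body of dump_shibboleth_assertions continues outside the hunk.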
......@@ -196,7 +200,7 @@ sub scan_attributes {
}
}
if (defined($found)) {
if ((defined($found)) && (length $ENV{$found})) {
print '<p class="attr ok">',
($optional ? 'Optional'
: 'Required'),
......@@ -205,6 +209,13 @@ sub scan_attributes {
: ''),
'.</p>';
}
elsif (!(length $ENV{$found})) {
print '', ($optional ? '<p class="attr warn">Optional'
: '<p class="attr error">Required'),
' attribute <code>', $attrs[0],
'</code> is available, but empty.</p>';
$missing++;
}
else {
print '', ($optional ? '<p class="attr warn">Optional'
: '<p class="attr error">Required'),
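Review bot: The new `elsif (!(length $ENV{$found}))` branch also fires when `$found` is undefined, because `$ENV{undef}` yields undef and `length undef` is false, so an attribute that is not present at all is reported as "available, but empty" and the final `else` branch (the missing-attribute case) becomes unreachable. The condition should be `elsif (defined($found) && !length $ENV{$found}) {`. The `if` changed in the hunk at `@@ -196,7 +200,7 @@` already guards with `defined($found)`, so this keeps the three branches mutually exclusive. scan_attributes starts and ends outside the hunk.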
......@@ -220,9 +231,9 @@ sub scan_attributes {
sub main {
my $q = shift;
if (defined($ENV{'Shib_Session_ID'})) {
if (defined($ENV{'HTTP_SHIB_SESSION_ID'})) {
# logout link
my $idp = $ENV{'Shib_Identity_Provider'};
my $idp = $ENV{'HTTP_SHIB_IDENTITY_PROVIDER'};
if (!defined($idp)) {
$idp = '<span class="error">[UNKNOWN]</span>';
}
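Review bot: `HTTP_SHIB_SESSION_ID` and `HTTP_SHIB_IDENTITY_PROVIDER` are the CGI environment names for request headers `Shib-Session-ID` and `Shib-Identity-Provider`, so the page now trusts headers where it previously read server-set `Shib_*` variables; unless the proxy in front of fcgiwrap overwrites (not merely adds) these headers after the authorizer subrequest, a client can supply its own values and the page will render them as a live session, and `$idp` is printed into the markup unescaped. The same switch appears in the hunks at `@@ -250,7 +261,7 @@` (`HTTP_REMOTE_USER`) and `@@ -274,7 +285,7 @@` (`HTTP_SHIB_ASSERTION_COUNT`, which becomes a loop bound). A comment at the first read, `# HTTP_SHIB_* are request headers: nginx must clear client-supplied Shib-* / Remote-User headers before the shib subrequest`, records the assumption this page now depends on. main continues outside the hunk.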
......@@ -250,7 +261,7 @@ sub main {
}
# remote user
my $user = $ENV{'REMOTE_USER'};
my $user = $ENV{'HTTP_REMOTE_USER'};
$warnings++ unless defined($user);
print '<p class="attr ', (defined($user) ? 'ok' : 'warn'), '">';
print 'REMOTE_USER: ',
......@@ -274,7 +285,7 @@ sub main {
print '<table class="attr">';
my $debug_env = (defined($q) && $q->param('debug_env'));
dump_shibboleth_attributes($debug_env);
dump_shibboleth_assertions($ENV{'Shib_Assertion_Count'});
dump_shibboleth_assertions($ENV{'HTTP_SHIB_ASSERTION_COUNT'});
print '</table>';
}
else {
......
<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config"
xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
logger="syslog.logger" clockSkew="180">
......@@ -17,26 +17,28 @@
To customize behavior for specific resources on Apache, and to link vhosts or
resources to ApplicationOverride settings below, use web server options/commands.
See https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPConfigurationElements for help.
For examples with the RequestMap XML syntax instead, see the example-shibboleth2.xml
file, and the https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPRequestMapHowTo topic.
-->
<RequestMapper type="XML">
<RequestMap>
<Host name="clarin-dev.eurac.edu"
authType="shibboleth"
requireSession="true"
redirectToSSL="443">
authType="shibboleth"
requireSession="true"
exportAssertion="true"
redirectToSSL="443">
<Path name="/secure" />
</Host>
</RequestMap>
</RequestMapper>
<!-- The ApplicationDefaults element is where most of Shibboleth's SAML bits are defined. -->
<ApplicationDefaults entityID="https://clarin-dev.eurac.edu/Shibboleth.sso/Metadata"
REMOTE_USER="eppn persistent-id targeted-id"
cipherSuites="ECDHE+AESGCM:ECDHE:!aNULL:!eNULL:!LOW:!EXPORT:!RC4:!SHA:!SSLv2">
REMOTE_USER="eppn persistent-id targeted-id"
sessionHook="/php/aa-statistics.php"
cipherSuites="ECDHE+AESGCM:ECDHE:!aNULL:!eNULL:!LOW:!EXPORT:!RC4:!SHA:!SSLv2">
<!--
Controls session lifetimes, address checks, cookie handling, and the protocol handlers.
......@@ -47,8 +49,15 @@
Note that while we default checkAddress to "false", this has a negative impact on the
security of your site. Stealing sessions via cookie theft is much easier with this disabled.
-->
<Sessions lifetime="28800" timeout="3600" relayState="ss:mem"
checkAddress="false" handlerSSL="false" cookieProps="http">
<Sessions lifetime="28800"
timeout="3600"
relayState="ss:mem"
checkAddress="false"
handlerSSL="false"
cookieProps="https"
exportLocation="/GetAssertion"
exportACL="127.0.0.1"
redirectLimit="exact">
<!--
Configures SSO for a default IdP. To allow for >1 IdP, remove
......@@ -57,8 +66,8 @@
You can also override entityID on /Login query string, or in RequestMap/htaccess.
-->
<SSO
discoveryProtocol="SAMLDS" discoveryURL="https://discovery.clarin.eu/discojuice">
SAML2 SAML1
discoveryProtocol="SAMLDS" discoveryURL="https://discovery.clarin.eu/discojuice">
SAML2 SAML1
</SSO>
<!-- <SSO entityID="https://idp.eurac.edu/idp/shibboleth">
......@@ -68,7 +77,7 @@
<!-- SAML and local-only logout. -->
<Logout>SAML2 Local</Logout>
<!-- Extension service that generates "approximate" metadata based on SP configuration. -->
<Handler type="MetadataGenerator" Location="/Metadata" signing="false" template="clarin.eurac.edu.template.metadata.xml"/>
......@@ -89,7 +98,7 @@
<Errors supportContact="clarin@eurac.edu"
helpLocation="/repository/xmlui/page/about"
styleSheet="/shibboleth-sp/main.css"/>
<!-- Example of remotely supplied batch of signed metadata. -->
<!--
<MetadataProvider type="XML" validate="true"
......@@ -97,7 +106,7 @@
backingFilePath="federation-metadata.xml" reloadInterval="7200">
<MetadataFilter type="RequireValidUntil" maxValidityInterval="2419200"/>
<MetadataFilter type="Signature" certificate="fedsigner.pem"/>
<DiscoveryFilter type="Blacklist" matcher="EntityAttributes" trimTags="true"
<DiscoveryFilter type="Blacklist" matcher="EntityAttributes" trimTags="true"
attributeName="http://macedir.org/entity-category"
attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
attributeValue="http://refeds.org/category/hide-from-discovery" />
......@@ -140,7 +149,7 @@
<!-- Map to extract attributes from SAML assertions. -->
<AttributeExtractor type="XML" validate="true" reloadChanges="false" path="attribute-map.xml"/>
<!-- Use a SAML query if no attributes are supplied during SSO. -->
<AttributeResolver type="Query" subjectMatch="true"/>
......@@ -155,7 +164,7 @@
the https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApplicationOverride topic).
Resource requests are mapped by web server commands, or the RequestMapper, to an
applicationId setting.
Example of a second application (for a second vhost) that has a different entityID.
Resources on the vhost would map to an applicationId of "admin":
-->
......@@ -163,7 +172,7 @@
<ApplicationOverride id="admin" entityID="https://admin.example.org/shibboleth"/>
-->
</ApplicationDefaults>
<!-- Policies that determine how to process and authenticate runtime messages. -->
<SecurityPolicyProvider type="XML" validate="true" path="security-policy.xml"/>
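Review bot: `exportAssertion="true"` is set on the `<Host>` element in the hunk at `@@ -17,26 +17,28 @@`, so every resource on the host, not only the path that needs it, gets the raw SAML assertion(s) exported to the backend; since the assertion carries every released attribute, scoping the setting to the `<Path>` that serves the attribute test page limits how far it travels. In the `<Sessions>` hunk, `exportACL="127.0.0.1"` only protects `/GetAssertion` if the SP evaluates the real client address; behind the nginx proxy the address it sees is whatever the subrequest carries, so that should be confirmed rather than assumed. `handlerSSL="false"` together with `cookieProps="https"` is consistent with TLS being terminated by nginx, and a short comment saying so next to `handlerSSL` would stop a future reader from "fixing" it.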
......
......@@ -21,12 +21,12 @@ function get {
fi
}
get log4shib 1.0.9 http://shibboleth.net/downloads/log4shib/latest/
get xerces-c 3.2.1 http://mirror.hosting90.cz/apache/xerces/c/3/sources/
get xml-security-c 1.7.3 http://mirror.hosting90.cz/apache/santuario/c-library/
get xmltooling 1.6.4 http://shibboleth.net/downloads/c++-opensaml/latest/
get opensaml 2.6.1 http://shibboleth.net/downloads/c++-opensaml/latest/
get shibboleth-sp 2.6.1 http://shibboleth.net/downloads/service-provider/latest/
get log4shib 1.0.9 http://shibboleth.net/downloads/log4shib/1.0.9/
get xerces-c 3.2.2 https://archive.apache.org/dist/xerces/c/3/sources/
get xml-security-c 1.7.3 https://archive.apache.org/dist/santuario/c-library/
get xmltooling 1.6.4 http://shibboleth.net/downloads/c++-opensaml/2.6.1/
get opensaml 2.6.1 http://shibboleth.net/downloads/c++-opensaml/2.6.1/
get shibboleth-sp 2.6.1 http://shibboleth.net/downloads/service-provider/2.6.1/
sed -i '676,679 s/^/\/\//' shibboleth-sp.2.6.1/shibsp/handler/impl/MetadataGenerator.cpp
sed -i '687,688 s/^/\/\//' shibboleth-sp.2.6.1/shibsp/handler/impl/MetadataGenerator.cpp
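Review bot: The six `get` calls still fetch the Shibboleth tarballs over plain `http://shibboleth.net/...` and nothing in the hunk checks a digest or signature, so the build trusts whatever the network returns; pinning the version directories (done here) helps reproducibility but not integrity. Switching those URLs to `https://` and verifying each archive after download, e.g. `echo "<PINNED_SHA256>  log4shib-1.0.9.tar.gz" | sha256sum -c -`, closes that gap; the `get` function that would host the check starts above the hunk. The two `sed -i '676,679 ...'` line-number patches of MetadataGenerator.cpp are correct only for exactly 2.6.1, which the pinned path now guarantees, but a comment naming what those lines do would help the next upgrade.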
......
......@@ -75,6 +75,21 @@ user=www-data
stdout_logfile=/var/log/supervisor/shibresponder.log
stderr_logfile=/var/log/supervisor/shibresponder.error.log
[program:php-fpm]
command=/usr/sbin/php-fpm7.0 -c /etc/php/7.0/fpm/php-fpm.conf
autostart=true
autorestart=unexpected
stdout_logfile=/var/log/php-fpm/stdout.log
stdout_logfile_maxbytes=0
stderr_logfile=/var/log/php-fpm/stderr.log
stderr_logfile_maxbytes=0
exitcodes=0
[program:fcgiwrap]
command=/usr/sbin/fcgiwrap -s unix:/tmp/fcgiwrap.socket -f
user=www-data
stdout_logfile=/var/log/supervisor/fcgiwrap.log
stderr_logfile=/var/log/supervisor/fcgiwrap.error.log
[program:nginx]
......@@ -88,5 +103,3 @@ stopwaitsecs=30
; The below sample program section shows all possible program subsection values,
; create one or more 'real' program: sections to be able to control them under
; supervisor.
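Review bot: `fcgiwrap -s unix:/tmp/fcgiwrap.socket` places the control socket in the world-writable `/tmp`, and fcgiwrap has no option to restrict the socket mode as far as I can see, so any other process in the container can submit CGI executions as `www-data`. Putting it under a dedicated directory, e.g. `command=/usr/sbin/fcgiwrap -s unix:/run/fcgiwrap/fcgiwrap.socket -f`, with that directory owned by `www-data` and mode 0750, keeps it reachable only by nginx. The new `[program:php-fpm]` block sets `stdout_logfile_maxbytes=0` and `stderr_logfile_maxbytes=0`, which disables supervisor's rotation for those files; that is fine if the directory is rotated elsewhere, but deserves a comment.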
##############################################################################
# Dockerfile to build postgres for LINDAT Dspace container
# Based on Postgres
##############################################################################
ARG DSPACE_APP_VERSION
ARG POSTGRES_VERSION=9.6
FROM gitlab.inf.unibz.it:4567/commul/docker/clarin-dspace/dspace-app/2020.02.1:$DSPACE_APP_VERSION as dspace-app
FROM postgres:$POSTGRES_VERSION
ENV TERM linux
# APT(-GET) tweaks
# Set some sane defaults for apt inside docker
ENV DEBIAN_FRONTEND=noninteractive
#
RUN apt-get update && \
apt-get -y upgrade && \
apt-get -y install git && \
rm -rf /var/lib/apt/lists/*
# copy int db script
RUN mkdir -p /docker-entrypoint-initdb.d
COPY init-dspace-dbs.sh /docker-entrypoint-initdb.d/
RUN chmod +x /docker-entrypoint-initdb.d/*
# FIXME: still needed?
# copy over modified config file
#COPY commul-customization/postgresql.conf /tmp/
#COPY commul-customization/updateConfig.sh /docker-entrypoint-initdb.d/_updateConfig.sh
# Adapt license definitions file
RUN mkdir /tmp/sql/
COPY --from=dspace-app /app/utilities/utilities.sql /tmp/sql/
COPY --from=dspace-app /app/utilities/license_definition.txt /tmp/sql
RUN chmod -R a+w /tmp/sql/ && \
perl -pi -e "s#afile :utildir '/license_definition.txt'#afile '/tmp/sql/license_definition.txt'#;" /tmp/sql/utilities.sql
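Review bot: `RUN chmod -R a+w /tmp/sql/` makes `utilities.sql`, which the init script later feeds to psql as `$POSTGRES_USER`, writable by every user in the container; the official postgres entrypoint runs initdb scripts as `postgres`, so `chown -R postgres:postgres /tmp/sql/` gives the `perl -pi` rewrite the access it needs without opening the file to everyone else. `git` is installed in the apt layer but nothing in this Dockerfile uses it; if no later stage needs it, the package and its dependencies can be dropped. The `FROM ... as dspace-app` stage has a fixed `2020.02.1` path segment while the tag comes from `DSPACE_APP_VERSION`; a one-line comment on what that segment denotes would help readers.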
# Usage: earthly --push --no-cache +docker
ARG DSPACE_APP_VERSION
docker-from-docker:
FROM DOCKERFILE --build-arg DSPACE_APP_VERSION=$DSPACE_APP_VERSION .
ARG DOCKER_BASE_URL="gitlab.inf.unibz.it:4567"
ARG EARTHLY_GIT_PROJECT_NAME # https://docs.earthly.dev/earthfile/builtin-args
ARG GIT_PROJECT_NAME="commul/docker/clarin-dspace"
ARG COMMUL_REGISTRY_URL="https://gitlab.inf.unibz.it/commul/docker/clarin-dspace/container_registry/"
ARG LABEL_VCS_URL="https://gitlab.inf.unibz.it/commul/docker/clarin-dspace"
ARG AUTHOR="Egon W. Stemle <egon.stemle@eurac.edu>"
ARG MAINTAINER="Egon W. Stemle <egon.stemle@eurac.edu>"
LABEL author="$AUTHOR"
LABEL maintainer="$MAINTAINER"
# An updated VERSION ARG triggers an update of the texlive installation
ARG EARTHLY_TARGET_TAG
ARG VERSION=$EARTHLY_TARGET_TAG
ARG EARTHLY_GIT_HASH
ARG GIT_HASH=$EARTHLY_GIT_HASH
ARG EARTHLY_TARGET_TAG_DOCKER
ARG TARGET_TAG_DOCKER=$EARTHLY_TARGET_TAG_DOCKER
ARG DOCKER_URL="$DOCKER_BASE_URL/$GIT_PROJECT_NAME/dspace-bundle/postgres"
LABEL org.label-schema.schema-version="1.0" \ # http://label-schema.org/rc1/
org.label-schema.version="$VERSION" \
org.label-schema.vcs-url="$LABEL_VCS_URL" \
org.commul.git-hash="$GIT_HASH" \
org.commul.registry-url="$COMMUL_REGISTRY_URL" \
org.commul.docker-url="$DOCKER_URL"
RUN echo $VERSION > /tmp/release
SAVE ARTIFACT --keep-ts /tmp/release AS LOCAL ./.release
SAVE IMAGE postgres:latest
SAVE IMAGE --push "$DOCKER_URL:latest"
SAVE IMAGE --push "$DOCKER_URL:$VERSION"
docker:
BUILD --build-arg DSPACE_APP_VERSION=$DSPACE_APP_VERSION +docker-from-docker
#!/bin/bash
set -e
# adapt utilities.sql with dspace username from env variable
perl -pi -e 's/\$DSPACE_USER/$ENV{DSPACE_USER}/g;' /tmp/sql/utilities.sql
# populate postgres databases
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
CREATE USER $DSPACE_USER WITH PASSWORD '$DSPACE_PASSWORD';
CREATE DATABASE "$DSPACE_DBNAME" OWNER $DSPACE_USER ENCODING "UTF-8" TEMPLATE template0;
......@@ -8,13 +12,3 @@ psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
EOSQL
psql --username "$POSTGRES_USER" --set=utildir="/tmp/sql/" -p 5432 $DSPACE_UTILSDBNAME < /tmp/sql/utilities.sql
# this is a better version using kubernetes environment variables
##!/bin/bash
#set -xe
#
#psql --username "$POSTGRES_USER" -c "CREATE USER $dspaceuser WITH PASSWORD '$dspacepassword'";
#psql --username "$POSTGRES_USER" -c "CREATE DATABASE "$dspacedbname" OWNER $dspaceuser ENCODING \"UTF-8\" TEMPLATE template0;"
#psql --username "$POSTGRES_USER" -c "CREATE DATABASE "$dspaceutilsdbname" OWNER $dspaceuser ENCODING \"UTF-8\" TEMPLATE template0;"
#
#psql --username "$POSTGRES_USER" --set=utildir="/tmp/sql/" -p 5432 $secretdspaceutilsdbname < /tmp/sql/utilities.sql
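Review bot: `CREATE USER $DSPACE_USER WITH PASSWORD '$DSPACE_PASSWORD';` splices both environment values into SQL text, so a password containing a single quote breaks the statement and, if the values come from a shared secret, whoever controls them controls SQL that runs as `$POSTGRES_USER`. psql can quote them itself: add `-v u="$DSPACE_USER" -v pw="$DSPACE_PASSWORD"` to the `psql` line and write `CREATE USER :"u" WITH PASSWORD :'pw';` (identifier and literal quoting respectively); the `CREATE DATABASE` line can use `:"u"` the same way. I cannot tell from the rendered hunk whether the heredoc lines are new or context, so this may predate the change. The `perl -pi -e 's/\$DSPACE_USER/$ENV{DSPACE_USER}/g;'` rewrite injects the same value into the SQL file and would need the same care if it is ever fed an untrusted name.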
#!/bin/bash
set -e
VERSION=${1:-latest}
docker build -t gitlab.scientificnet.org:4567/commul/dspace/dspace-image:$VERSION . -f Dockerfile.dspace
docker build -t gitlab.scientificnet.org:4567/commul/dspace/nginx-image:$VERSION . -f Dockerfile.nginx
docker build -t gitlab.scientificnet.org:4567/commul/dspace/postgres-image:$VERSION . -f Dockerfile.psql
docker push gitlab.scientificnet.org:4567/commul/dspace/dspace-image:$VERSION
docker push gitlab.scientificnet.org:4567/commul/dspace/nginx-image:$VERSION
docker push gitlab.scientificnet.org:4567/commul/dspace/postgres-image:$VERSION
ERCC_TAG="$(git describe --tags --abbrev=0 $(git rev-list --tags --max-count=1))"
VERSION=${ERCC_TAG:-latest}
earthly --push +docker
echo sed ../kubernetes/*-deployment.yaml -e \"'s#\(.*image: gitlab.inf.unibz.it:4567/.*:\).*#\1'"${VERSION}#"\"
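Review bot: `ERCC_TAG="$(git describe --tags --abbrev=0 $(git rev-list --tags --max-count=1))"` runs under `set -e`; in a checkout with no tags the inner `git rev-list` prints nothing and `git describe --tags --abbrev=0` then fails, which aborts the script before the `${ERCC_TAG:-latest}` fallback can apply. Guarding it, e.g. `ERCC_TAG="$(git describe --tags --abbrev=0 "$(git rev-list --tags --max-count=1)" 2>/dev/null || true)"`, makes the fallback reachable. If `VERSION=${1:-latest}` survives above the new assignment, the positional argument is now silently overridden and the earlier line should go.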
#!/bin/bash
#
# Wiki https://github.com/ufal/clarin-dspace/wiki/Installation
#
#
MAJOR=0
BUILD=2
VERSION="${MAJOR}.${BUILD}"
#set -ex
# let's define some variables
export DSPACE_INSTANCE_NAME=repository
export DSPACE_SOURCE_DIRECTORY=/opt/repository/sources/dspace
export DSPACE_WORKSPACE=/opt/repository/workspace
export DSPACE_INSTALLATION_DIRECTORY=/opt/repository/installations
AAI_CONFIGFILE="/opt/lindat-dspace/installation/webapps/xmlui/themes/UFAL/lib/js/aai_config.js"
DSPACE_CONFIGFILE="$DSPACE_WORKSPACE/sources/local.properties"
#
# functions
#
_logger () {
MSG=$1
if [ ${DEBUG} ]; then
echo -ne "${MSG}"
# else
# echo -ne "${MSG}" >> ${LogFile}
fi
}
_loggerDate() {
_logger "[$(date)] $*"
}
_exit() {
if [ -z $1 ]; then
E_CODE=0
else
E_CODE=$1
fi
rm -rf ${TemporaryPath}
_loggerDate "Script completed\n"
exit ${E_CODE}
}
_printVersion() {
echo "${BASENAME} version ${VERSION}"
}
_printHelp() {
echo "${BASENAME}"
echo "Assembly some stuff, creating things..."
echo
echo "Supported options:"
echo " -d|--debug enable debug"
echo " -V|--version report program version"
echo " -h|--help print this help"
echo
}
_printComment () {
MSG=$1
echo "<"'!'"-- ${MSG} -->"
}
_checkenv () {
set -x
_loggerDate "Checking env variables "
echo $*
tot_args=$#
echo $tot_args
count=0
while [ "$1" ]
do
echo "."
shift
((count++))
done
echo $tot_args $count
if [ "$tot_args" -ne "$count" ];then
exit 1
fi
set +x
}
#
# main script
#
# argument parsing
while [ $1 ]; do
case $1 in
-d|--debug) DEBUG=1
shift
;;
-V|--version) _printVersion
exit 0
;;
-h|--help) _printHelp
exit 0
;;
-t|--test) _notifyByIcingaPassiveCheck
exit 0
;;
*) _printHelp
exit 0
;;
esac
done
_loggerDate "Starting ${BASENAME}\n"
_loggerDate "Cloning lindat-dspace repository..."
if [ ! -d $DSPACE_SOURCE_DIRECTORY ]
then
_logger "in $DSPACE_SOURCE_DIRECTORY \n"
git clone https://github.com/ufal/lindat-dspace.git -b lindat $DSPACE_SOURCE_DIRECTORY
else
_logger "skip! $DSPACE_SOURCE_DIRECTORY already exists \n"
fi
cd $DSPACE_SOURCE_DIRECTORY/utilities/project_helpers
_loggerDate "Creating workspace..."
if [ ! -d $DSPACE_WORKSPACE ]
then
_logger "$DSPACE_WORKSPACE \n"
./setup.sh /opt/repository/workspace
else
_logger "skip! $DSPACE_WORKSPACE already exists \n"
fi
_loggerDate "Copy makefile..."
if [ ! -f $DSPACE_WORKSPACE/config/variable.makefile ]
then
cp /tmp/commul-customization/variable.makefile $DSPACE_WORKSPACE/config/
_logger "$DSPACE_WORKSPACE/config/variable.makefile\n"
else
_logger "skip! $DSPACE_WORKSPACE/config/variable.makefile already exists\n"
fi
_loggerDate "Copy local.properties..."
if [ ! -f $DSPACE_CONFIGFILE ]
then
set -x
cp /tmp/commul-customization/local.properties $DSPACE_CONFIGFILE
set +x
else
_logger "skip! $DSPACE_CONFIGFILE already exists\n"
fi
_loggerDate "Compilation and Deployment of DSpace..."
cd $DSPACE_WORKSPACE/scripts/
if [ ! -f $DSPACE_WORKSPACE/scripts/install_libs.done ]
then
make install_libs
touch $DSPACE_WORKSPACE/scripts/install_libs.done
else
_logger "already done \n"
fi
if [ ! -f $DSPACE_WORKSPACE/scripts/fresh_install.done ]
then
make compile
make fresh_install
touch $DSPACE_WORKSPACE/scripts/fresh_install.done
else
_logger "already done \n"
fi
if [ ! -f $DSPACE_WORKSPACE/scripts/postinstall.done ]
then
make postinstall
touch $DSPACE_WORKSPACE/scripts/postinstall.done
_logger "OK\n"
else
_logger "already done \n"
fi
_loggerDate "Copy aai_config.js..."
if [ ! -f $AAI_CONFIGFILE ]
then
set -x
cp /tmp/commul-customization/aai_config.js $AAI_CONFIGFILE
set +x
else
_logger "skip! $AAI_CONFIGFILE already exists\n"
fi
_loggerDate "Create dspace admin..."
if [ ! -f $DSPACE_WORKSPACE/scripts/tomcatadmin.done ]
then
su tomcat8 -c "/opt/lindat-dspace/installation/bin/dspace create-administrator"
touch $DSPACE_WORKSPACE/scripts/tomcatadmin.done
_logger "OK\n"
else
_logger "already done \n"
fi
_loggerDate "Starting Tomcat..."
/etc/init.d/tomcat8 start
sleep infinity
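Review bot: The `-t|--test` case calls `_notifyByIcingaPassiveCheck`, which is not defined anywhere in this file, and `${BASENAME}` (used by `_printVersion`, `_printHelp` and the start log line) and `${TemporaryPath}` (used by `_exit`) are never assigned, so `-t` fails with "command not found" and `_exit` runs `rm -rf` with no operand; these look like leftovers from a script template. Setting `BASENAME=$(basename "$0")` next to the version variables and either defining the function or dropping the `-t` case fixes the visible part. `git clone https://github.com/ufal/lindat-dspace.git -b lindat ...` builds the image from whatever the branch head is at build time; pinning a tag or commit (checked out after the clone) makes the image reproducible and keeps an upstream branch change from silently altering what gets deployed. `sleep infinity` after `/etc/init.d/tomcat8 start` also means the container stays "up" if Tomcat later dies, which is worth a comment since the liveness probe is the only thing that notices.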
......@@ -18,6 +18,12 @@ spec:
labels:
io.kompose.service: dspace
spec:
initContainers:
- image: postgres
name: clarin-dspace-check-db-ready
command: ['sh', '-c',
'until pg_isready -h postgres -p 5432;
do echo waiting for database; sleep 2; done;']
containers:
- env:
- name: DSPACE_USER
......@@ -50,7 +56,7 @@ spec:
secretKeyRef:
key: mail.pass
name: dspace-secrets
image: gitlab.scientificnet.org:4567/commul/dspace/dspace-image:1.1
image: gitlab.inf.unibz.it:4567/commul/docker/clarin-dspace/dspace-bundle/dspace:1.4.0-rc18
name: clarin-dspace
imagePullPolicy: Always
ports:
......@@ -62,6 +68,33 @@ spec:
volumeMounts:
- mountPath: /opt/lindat-dspace/installation/assetstore
name: dspace-assetstore
- mountPath: /opt/lindat-dspace/installation/log
name: log-dspace
- mountPath: /opt/tomcat8/logs
name: log-tomcat
- mountPath: /opt/shibboleth-sp-fastcgi/var/log/shibboleth
name: log-shibboleth
readinessProbe:
httpGet:
path: /repository/xmlui/
port: 8080
initialDelaySeconds: 120
failureThreshold: 7
periodSeconds: 15
timeoutSeconds: 5
livenessProbe:
exec:
command:
- /bin/sh
- -c
- REPLY=$(curl -s -o /dev/null -w %{http_code} https://clarin-dev.eurac.edu/repository/xmlui/);
[ "$REPLY" -lt 200 -o "$REPLY" -ge 400 ] && echo "REPLY was $REPLY" && exit 1;
ping -q -c3 -W3 postgres || exit 1;
ps aux | grep -v grep | grep -E "sleep|timeout" || exit 1;
initialDelaySeconds: 240
failureThreshold: 3
periodSeconds: 15
timeoutSeconds: 10
restartPolicy: Always
imagePullSecrets:
- name: gitlab-scientificnet-org-registry
......@@ -78,4 +111,40 @@ spec:
name: client.fs.commul.admin
user: fs.commul.admin
name: dspace-assetstore
- cephfs:
monitors:
- 10.8.55.201:6789
- 10.8.55.202:6789
- 10.8.55.203:6789
- 10.7.55.201:6789
- 10.7.55.202:6789
path: /eurac/commul/projects/clarin/kubernetes/dspace-dev/log/dspace
secretRef:
name: client.fs.commul.admin
user: fs.commul.admin
name: log-dspace
- cephfs:
monitors:
- 10.8.55.201:6789
- 10.8.55.202:6789
- 10.8.55.203:6789
- 10.7.55.201:6789
- 10.7.55.202:6789
path: /eurac/commul/projects/clarin/kubernetes/dspace-dev/log/tomcat
secretRef:
name: client.fs.commul.admin
user: fs.commul.admin
name: log-tomcat
- cephfs:
monitors:
- 10.8.55.201:6789
- 10.8.55.202:6789
- 10.8.55.203:6789
- 10.7.55.201:6789
- 10.7.55.202:6789
path: /eurac/commul/projects/clarin/kubernetes/dspace-dev/log/shibboleth
secretRef:
name: client.fs.commul.admin
user: fs.commul.admin
name: log-shibboleth
status: {}
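Review bot: The new `livenessProbe` in the hunk at `@@ -62,6 +68,33 @@` probes `https://clarin-dev.eurac.edu/repository/xmlui/` through the public ingress, so an outage of the ingress controller, the nginx pod or the certificate restarts this pod even when DSpace itself is healthy, and every replica restarts together; probing the container's own port, as the `readinessProbe` above it does with `port: 8080`, keeps liveness local. `ping -q -c3 -W3 postgres || exit 1` assumes ICMP reaches the `postgres` Service; a ClusterIP is typically not answered by ICMP under kube-proxy, so this check may always fail, whereas `pg_isready -h postgres -p 5432`, already used in the init container, tests the same thing over TCP. `ps aux | grep -v grep | grep -E "sleep|timeout" || exit 1` kills the pod whenever no process named sleep or timeout exists, which needs a comment explaining what it guards against. The init container's `image: postgres` has no tag, so it floats with `latest`.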
......@@ -2,9 +2,22 @@ apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
ingress.kubernetes.io/add-base-url: "true"
ingress.kubernetes.io/ssl-passthrough: "true"
# OAI-PMH uses HTTP transport, ie. we can't redirect *all* traffic to https.
# However, we need to make sure that 'our internal' nginx redirects http:// -> https://
# (except for /repository/oai).
ingress.kubernetes.io/ssl-redirect: "false"
# But just to be sure, we are /also/ redirecting here.
ingress.kubernetes.io/configuration-snippet: |
if ($scheme != "https") {
set $rewrite_https 1;
}
if ($request_uri ~ "^/repository/oai") {
set $rewrite_https 0;
}
if ($rewrite_https = 1) {
return 301 https://$server_name$request_uri;
}
kubernetes.io/tls-acme: "true"
name: dspace-ingress
namespace: dspace-dev
spec:
......@@ -13,16 +26,23 @@ spec:
http:
paths:
- backend:
serviceName: nginx
servicePort: 80
path: /repository/oai
- host: clarin-dev.eurac.edu
http:
paths:
- backend:
# we are deliberately misusing port:443 *without* SSL, i.e. *NO*
# ingress.kubernetes.io/secure-backends: "true"
# This will result in https:// redirectes generated from shibboleth
# later on (without the need to change http:// to https://)
# see https://github.com/nginx-shib/nginx-http-shibboleth/issues/22
#
# However, make sure to disable all enforce-SSL settings, for example
# for the [dspace REST
# API](https://wiki.duraspace.org/display/DSDOC5x/REST+API).
#
# For a general overview for SP reverse proxy-ing
# see https://wiki.shibboleth.net/confluence/display/SHIB2/SPReverseProxy
#
serviceName: nginx
servicePort: 443
path: /
tls:
- hosts:
- clarin-dev.eurac.edu
secretName: clarin-dev-eurac-edu-tls
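Review bot: With `ingress.kubernetes.io/ssl-passthrough: "true"` the controller hands TLS connections to the backend unterminated, so the `configuration-snippet` redirect and `ssl-redirect: "false"` can only ever apply to the plain-HTTP listener, and the `tls:` section with `secretName: clarin-dev-eurac-edu-tls` is not what serves the certificate here (the nginx pod mounts that secret itself). A comment on the snippet such as `# only reached on port 80: with ssl-passthrough the controller never sees https traffic` would keep the two halves of the comment block consistent. Whether `ingress.kubernetes.io/` or `nginx.ingress.kubernetes.io/` is the prefix the installed controller honours depends on its version; if the snippet is silently ignored, the http-to-https redirect rests entirely on the in-pod nginx, which the comment already names as the primary mechanism.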
......@@ -20,22 +20,35 @@ spec:
io.kompose.service: nginx
spec:
containers:
- image: gitlab.scientificnet.org:4567/commul/dspace/nginx-image:1.1
- image: gitlab.inf.unibz.it:4567/commul/docker/clarin-dspace/dspace-bundle/nginx:1.4.0-rc18
imagePullPolicy: Always
name: clarin-nginx
ports:
- containerPort: 80
- containerPort: 443
resources: {}
volumeMounts:
- mountPath: /opt/shibboleth-sp-fastcgi/etc/shibboleth/certs
name: nginx-shib-certs
- mountPath: /etc/ssl/clarin
- mountPath: /etc/ssl/nginx
name: nginx-ssl-certs
readOnly: true
- mountPath: /opt/shibboleth-sp-fastcgi/var/log/shibboleth
name: log-shibboleth
livenessProbe:
httpGet:
host: clarin-dev.eurac.edu
port: 443
scheme: HTTPS
initialDelaySeconds: 30
periodSeconds: 15
timeoutSeconds: 3
restartPolicy: Always
imagePullSecrets:
- name: gitlab-scientificnet-org-registry
volumes:
- name: nginx-ssl-certs
secret:
secretName: clarin-dev-eurac-edu-tls
- cephfs:
monitors:
- 10.8.55.201:6789
......@@ -43,11 +56,11 @@ spec:
- 10.8.55.203:6789
- 10.7.55.201:6789
- 10.7.55.202:6789
path: /eurac/commul/projects/clarin/kubernetes/dspace-dev/ssl-certs
path: /eurac/commul/projects/clarin/kubernetes/dspace-dev/shib-certs
secretRef:
name: client.fs.commul.admin
user: fs.commul.admin
name: nginx-ssl-certs
name: nginx-shib-certs
- cephfs:
monitors:
- 10.8.55.201:6789
......@@ -55,9 +68,9 @@ spec:
- 10.8.55.203:6789
- 10.7.55.201:6789
- 10.7.55.202:6789
path: /eurac/commul/projects/clarin/kubernetes/dspace-dev/shib-certs
path: /eurac/commul/projects/clarin/kubernetes/dspace-dev/log/shibboleth
secretRef:
name: client.fs.commul.admin
user: fs.commul.admin
name: nginx-shib-certs
name: log-shibboleth
status: {}
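Review bot: In the new `livenessProbe`, `host: clarin-dev.eurac.edu` tells the kubelet which address to connect to, not which Host header to send, so the probe is made against the public name through the ingress rather than against this pod, and every replica restarts together whenever the external path is unavailable. To probe the container itself, drop `host:` and send the name as a header: `httpHeaders:` / `- name: Host` / `value: clarin-dev.eurac.edu` (the kubelet does not verify the certificate on HTTPS probes, so connecting to the pod IP works). `path` is unset, so the probe hits `/`, which may be answered by a Shibboleth redirect if the host requires a session; a 3xx counts as success, which is probably acceptable but worth a comment. The `nginx-shib-certs` cephfs mount presumably carries the SP key material and, unlike `nginx-ssl-certs`, is not marked `readOnly: true`.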
......@@ -11,9 +11,6 @@ metadata:
namespace: dspace-dev
spec:
ports:
- name: "80"
port: 80
targetPort: 80
- name: "443"
port: 443
targetPort: 443
......
......@@ -48,7 +48,7 @@ spec:
secretKeyRef:
key: dspace.utils.name
name: dspace-secrets
image: gitlab.scientificnet.org:4567/commul/dspace/postgres-image:1.1
image: gitlab.inf.unibz.it:4567/commul/docker/clarin-dspace/dspace-bundle/postgres:1.4.0-rc18
imagePullPolicy: Always
name: clarin-postgres
resources: {}
......
......@@ -3,12 +3,12 @@
# kubectl create -f pgdata-persistentvolumeclaim.yaml
kubectl create -f postgres-deployment.yaml
kubectl create -f postgres-service.yaml
sleep 30
#sleep 30
kubectl create -f dspace-deployment.yaml
kubectl create -f dspace-service.yaml
kubectl create -f handle-service.yaml
sleep 30
#sleep 30
kubectl create -f nginx-deployment.yaml
kubectl create -f nginx-service.yaml
sleep 30
#sleep 30
kubectl create -f dspace-ingress.yaml
pgadmin_1.png

45.9 KiB