diff --git a/atlas/knowledge-environment/.env.example b/atlas/knowledge-environment/.env.example index 2ef4608..8155a79 100644 --- a/atlas/knowledge-environment/.env.example +++ b/atlas/knowledge-environment/.env.example @@ -54,3 +54,6 @@ MEM_LIMIT=1073741824 # Authorization token for Enterprise Search API ENV_ES_API_TOKEN= + +# Most recent date for the Recently Released file category +RECENTLY_RELEASED_DATE= \ No newline at end of file diff --git a/atlas/knowledge-environment/docker-compose.dev.yml b/atlas/knowledge-environment/docker-compose.dev.yml index e59c6d4..d6b662f 100644 --- a/atlas/knowledge-environment/docker-compose.dev.yml +++ b/atlas/knowledge-environment/docker-compose.dev.yml @@ -37,6 +37,7 @@ services: MYSQL_HOST: ${ENV_MYSQL_HOST} MYSQL_USER: ${ENV_MYSQL_USER} MYSQL_PASSWORD: ${ENV_MYSQL_PASSWORD} + RECENTLY_RELEASED_DATE: ${RECENTLY_RELEASED_DATE} TZ: "America/Detroit" privileged: true logging: @@ -87,6 +88,8 @@ services: atlas-file-service: image: kingstonduo/atlas-file-service:3.3 + depends_on: + - mariadb ports: - "5000:5000" volumes: @@ -100,6 +103,9 @@ services: - MYSQL_USER=${ENV_MYSQL_USER} - MYSQL_PASSWORD=${ENV_MYSQL_PASSWORD} - BUCKET_NAME=${ENV_BUCKET_NAME} + - MYSQL_HOST=${ENV_MYSQL_HOST} + - MYSQL_USER=${ENV_MYSQL_USER} + - MYSQL_PASSWORD=${ENV_MYSQL_PASSWORD} - TZ=America/Detroit networks: local: diff --git a/atlas/knowledge-environment/docker-compose.local.yml b/atlas/knowledge-environment/docker-compose.local.yml index 90e206a..97a2f8b 100644 --- a/atlas/knowledge-environment/docker-compose.local.yml +++ b/atlas/knowledge-environment/docker-compose.local.yml @@ -37,6 +37,7 @@ services: MYSQL_HOST: ${ENV_MYSQL_HOST} MYSQL_USER: ${ENV_MYSQL_USER} MYSQL_PASSWORD: ${ENV_MYSQL_PASSWORD} + RECENTLY_RELEASED_DATE: ${RECENTLY_RELEASED_DATE} TZ: "America/Detroit" privileged: true logging: 
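Review bot: In the `atlas-file-service` environment list of docker-compose.dev.yml (hunk at -100,6), the added `- MYSQL_USER=${ENV_MYSQL_USER}` and `- MYSQL_PASSWORD=${ENV_MYSQL_PASSWORD}` repeat the two context entries directly above them, so only `- MYSQL_HOST=${ENV_MYSQL_HOST}` is new. Duplicate entries in a credentials list leave it unclear which line is authoritative once one of them is edited; keep only the added line `- MYSQL_HOST=${ENV_MYSQL_HOST}`. The same three-line addition appears in docker-compose.local.yml (-124,6) and docker-compose.prod.yml (-131,6). The service definition starts and ends outside the hunk.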
@@ -61,6 +62,7 @@ services: MYSQL_HOST: ${ENV_MYSQL_HOST} MYSQL_USER: ${ENV_MYSQL_USER} MYSQL_PASSWORD: ${ENV_MYSQL_PASSWORD} + RECENTLY_RELEASED_DATE: ${RECENTLY_RELEASED_DATE} TZ: "America/Detroit" privileged: true logging: @@ -111,6 +113,8 @@ services: atlas-file-service: image: kingstonduo/atlas-file-service:3.3 + depends_on: + - mariadb ports: - "5000:5000" volumes: @@ -124,6 +128,9 @@ services: - MYSQL_USER=${ENV_MYSQL_USER} - MYSQL_PASSWORD=${ENV_MYSQL_PASSWORD} - BUCKET_NAME=${ENV_BUCKET_NAME} + - MYSQL_HOST=${ENV_MYSQL_HOST} + - MYSQL_USER=${ENV_MYSQL_USER} + - MYSQL_PASSWORD=${ENV_MYSQL_PASSWORD} - "TZ=America/Detroit" networks: local: diff --git a/atlas/knowledge-environment/docker-compose.prod.yml b/atlas/knowledge-environment/docker-compose.prod.yml index 8091909..fbf8d79 100644 --- a/atlas/knowledge-environment/docker-compose.prod.yml +++ b/atlas/knowledge-environment/docker-compose.prod.yml @@ -38,6 +38,7 @@ services: MYSQL_USER: ${ENV_MYSQL_USER} MYSQL_PASSWORD: ${ENV_MYSQL_PASSWORD} ES_API_TOKEN: ${ENV_ES_API_TOKEN} + RECENTLY_RELEASED_DATE: ${RECENTLY_RELEASED_DATE} TZ: "America/Detroit" privileged: true logging: @@ -63,6 +64,7 @@ services: MYSQL_USER: ${ENV_MYSQL_USER} MYSQL_PASSWORD: ${ENV_MYSQL_PASSWORD} ES_API_TOKEN: ${ENV_ES_API_TOKEN} + RECENTLY_RELEASED_DATE: ${RECENTLY_RELEASED_DATE} TZ: "America/Detroit" privileged: true logging: @@ -131,6 +133,9 @@ services: - MYSQL_USER=${ENV_MYSQL_USER} - MYSQL_PASSWORD=${ENV_MYSQL_PASSWORD} - BUCKET_NAME=${ENV_BUCKET_NAME} + - MYSQL_HOST=${ENV_MYSQL_HOST} + - MYSQL_USER=${ENV_MYSQL_USER} + - MYSQL_PASSWORD=${ENV_MYSQL_PASSWORD} - "TZ=America/Detroit" networks: local: diff --git a/cassiopeia/.env.example b/cassiopeia/.env.example index 27a6ea0..006abbc 100755 --- a/cassiopeia/.env.example +++ b/cassiopeia/.env.example 
@@ -3,7 +3,7 @@ ENV_DOCKER_ENVIRONMENT=development # Spring ENV_APACHE_TOMCAT_PORT=3030 -ENV_SPRING_BOOT_APPDIR=/path/to/your/spring/code +ENV_SPRING_BOOT_CONTAINER=dockerImage/cassiopiea ENV_WSI_FILES_DIR=/data/deepZoomImages ENV_WSI_ORIG_FILES_DIR=/data/knowledgeEnvironment/deepZoom ENV_FLUENTD_ADDRESS=path.to.your.site:24224 diff --git a/cassiopeia/docker-compose.dev.yml b/cassiopeia/docker-compose.dev.yml index 777e88e..a60a0b5 100755 --- a/cassiopeia/docker-compose.dev.yml +++ b/cassiopeia/docker-compose.dev.yml @@ -39,7 +39,7 @@ services: spring: container_name: cassie-spring - image: kingstonduo/cassiopeia-data:latest + image: ${ENV_SPRING_BOOT_CONTAINER} environment: - "TZ=America/Detroit" ports: diff --git a/cassiopeia/docker-compose.prod.yml b/cassiopeia/docker-compose.prod.yml index adc0896..d1cf054 100755 --- a/cassiopeia/docker-compose.prod.yml +++ b/cassiopeia/docker-compose.prod.yml @@ -40,7 +40,7 @@ services: spring: container_name: cassie-spring - image: kingstonduo/cassiopeia-data:1.2 + image: ${ENV_SPRING_BOOT_CONTAINER} environment: - "TZ=America/Detroit" ports: diff --git a/images/apache/apache-dl-proxy/Dockerfile b/images/apache/apache-dl-proxy/Dockerfile index 3ccc7b0..d1d537c 100755 --- a/images/apache/apache-dl-proxy/Dockerfile +++ b/images/apache/apache-dl-proxy/Dockerfile 
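Review bot: The production `spring` service in cassiopeia/docker-compose.prod.yml loses its pinned tag: `image: kingstonduo/cassiopeia-data:1.2` becomes `image: ${ENV_SPRING_BOOT_CONTAINER}`, so the image that runs is whatever the host's `.env` names. The sample value `dockerImage/cassiopiea` carries no tag, and an untagged reference resolves to `latest`. Make the variable mandatory and document that it must hold a fixed tag or digest, e.g. `image: ${ENV_SPRING_BOOT_CONTAINER:?set to a pinned image tag or digest}`. The same applies to `${ENV_DLU_WATCHER_CONTAINER}` in the libra compose files (left empty in libra/.env.example) and to `${ENV_USER_AUTH_IMAGE}` in the orion compose files, where the sample value `kingstonduo/user-auth` drops the previous `:2.0` tag.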
@@ -1,48 +1,32 @@ -FROM oraclelinux:8.5 +FROM debian:buster-slim -# Define args and set a default value -ARG maintainer=tier -ARG imagename=shibboleth_sp -ARG version=2.6.1 +SHELL ["/bin/bash", "-c"] -LABEL Maintainer=$maintainer -LABEL Vendor="Internet2" -LABEL ImageType="Base" -LABEL ImageName=$imagename -LABEL ImageOS=centos7 -LABEL Version=$version - -LABEL Build docker build --rm --tag $maintainer/$imagename . - -# Add starters and installers ADD ./container_files /opt -RUN curl -o /etc/yum.repos.d/security:shibboleth.repo \ - http://download.opensuse.org/repositories/security://shibboleth/CentOS_7/security:shibboleth.repo \ - && yum -y update \ - && yum -y install \ - httpd \ - mod_ssl \ - shibboleth.x86_64 \ - dos2unix \ - && yum clean all \ - && rm /etc/httpd/conf.d/autoindex.conf \ - && rm /etc/httpd/conf.d/ssl.conf \ - && rm /etc/httpd/conf.d/userdir.conf \ - && rm /etc/httpd/conf.d/welcome.conf \ - && rm /etc/localtime \ - && chmod +x /opt/bin/httpd-shib-foreground \ - && chmod +x /opt/bin/shibboleth_keygen.sh - +RUN apt-get -qq update && \ + apt-get -qq -y --no-install-recommends install \ + apache2 \ + libapache2-mod-shib2 \ + curl \ + openssl \ + && rm -rf /var/lib/apt/lists/* + +RUN rm /etc/localtime \ + && chmod +x /opt/bin/httpd-shib-foreground \ + && chmod +x /opt/bin/shibboleth_keygen.sh + # Export this variable so that shibd can find its CURL library RUN LD_LIBRARY_PATH="/opt/shibboleth/lib64" RUN export LD_LIBRARY_PATH -#Script to start service, Added ssl default conf, Added shib module apache -RUN ln -s /opt/bin/httpd-shib-foreground /usr/local/bin && ln -s /opt/etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf && ln -s /opt/etc/httpd/conf.d/virt.conf /etc/httpd/conf.d/virt.conf && ln -s /opt/etc/httpd/conf.modules.d/00-shib.conf /etc/httpd/conf.modules.d/00-shib.conf && ln -s /usr/lib64/shibboleth/mod_shib_24.so /etc/httpd/modules/mod_shib_24.so && ln -s /usr/share/zoneinfo/America/Detroit /etc/localtime +RUN chown -R _shibd:_shibd 
/etc/shibboleth/ +RUN chown -R _shibd:_shibd /var/cache/shibboleth/ + +RUN ln -s /opt/bin/httpd-shib-foreground /usr/local/bin && ln -s /opt/etc/httpd/conf.d/ssl.conf /etc/apache2/conf-enabled/ssl.conf && ln -s /opt/etc/httpd/conf.d/virt.conf /etc/apache2/conf-enabled/virt.conf && ln -s /usr/share/zoneinfo/America/Detroit /etc/localtime +RUN cp /etc/apache2/mods-available/ssl.load /etc/apache2/mods-enabled && cp /etc/apache2/mods-available/socache_shmcb.load /etc/apache2/mods-enabled && cp /etc/apache2/mods-available/rewrite.load /etc/apache2/mods-enabled -# KPMP Specific Configuration - MAKE EDITS HERE -COPY ./certs/inc-md-cert.pem /etc/pki/tls/certs/inc-md-cert.pem +RUN curl -k https://ds.incommon.org/certs/inc-md-cert.pem -o /etc/ssl/certs/inc-md-cert.pem COPY ./container_files/etc/shibboleth/attribute-map.xml /etc/shibboleth/attribute-map.xml RUN echo "************** Built Apache WITH Shibboleth **************" diff --git a/images/apache/apache-dl-proxy/container_files/bin/httpd-shib-foreground b/images/apache/apache-dl-proxy/container_files/bin/httpd-shib-foreground index 60a415f..df5c959 100755 --- a/images/apache/apache-dl-proxy/container_files/bin/httpd-shib-foreground +++ b/images/apache/apache-dl-proxy/container_files/bin/httpd-shib-foreground @@ -4,4 +4,4 @@ set -e # Apache gets grumpy about PID files pre-existing rm -f /etc/httpd/logs/httpd.pid -(/usr/sbin/shibd) & httpd -DFOREGROUND +/etc/init.d/shibd start & exec apache2ctl -D FOREGROUND diff --git a/images/apache/apache-dl-proxy/container_files/etc/httpd/conf.d/ssl.conf b/images/apache/apache-dl-proxy/container_files/etc/httpd/conf.d/ssl.conf index ccc067c..d8cda69 100755 --- a/images/apache/apache-dl-proxy/container_files/etc/httpd/conf.d/ssl.conf +++ b/images/apache/apache-dl-proxy/container_files/etc/httpd/conf.d/ssl.conf 
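Review bot: `RUN curl -k https://ds.incommon.org/certs/inc-md-cert.pem -o /etc/ssl/certs/inc-md-cert.pem` downloads the certificate with TLS verification turned off, where the old image copied it from `./certs/` in the repository. If this certificate is what Shibboleth uses to verify federation metadata signatures (the name suggests so, but shibboleth2.xml is not in the diff), anyone able to tamper with the build's network path can substitute it. `-k` is probably there because `--no-install-recommends` leaves out the CA bundle; add `ca-certificates \` to the apt-get list and use `curl -fsSL` without `-k`, or keep the `COPY` of a reviewed copy. Either way, comparing the file's SHA-256 fingerprint during the build with the one InCommon publishes would make a swapped certificate fail the build.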
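Review bot: `/etc/init.d/shibd start & exec apache2ctl -D FOREGROUND` backgrounds the init script, so `set -e` never sees its exit status and Apache starts whether or not shibd came up. Run `/etc/init.d/shibd start` on its own line, then `exec apache2ctl -D FOREGROUND`, so that a failed shibd start stops the container. The context line `rm -f /etc/httpd/logs/httpd.pid` still names the old httpd path; on the Debian apache2 package the PID file normally lives under `/var/run/apache2/`, so this cleanup likely no longer does anything. Confirm the path and update it.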
@@ -1,4 +1,4 @@ -SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog +SSLPassPhraseDialog builtin SSLSessionCache shmcb:/run/httpd/sslcache(512000) SSLSessionCacheTimeout 300 SSLRandomSeed startup file:/dev/urandom 256 diff --git a/images/apache/apache-dl-proxy/container_files/etc/httpd/conf.d/virt.conf b/images/apache/apache-dl-proxy/container_files/etc/httpd/conf.d/virt.conf index dc9398b..72ac748 100755 --- a/images/apache/apache-dl-proxy/container_files/etc/httpd/conf.d/virt.conf +++ b/images/apache/apache-dl-proxy/container_files/etc/httpd/conf.d/virt.conf @@ -1,5 +1,5 @@ -NameVirtualHost *:443 -Listen 443 +#NameVirtualHost *:443 +#Listen 443 # qa-upload @@ -28,7 +28,7 @@ Listen 443 AuthType shibboleth - ShibRequireSession On + ShibRequestSetting requireSession 1 ShibUseHeaders On Require valid-user @@ -82,14 +82,14 @@ Listen 443 AuthType shibboleth - ShibRequireSession On + ShibRequestSetting requireSession 1 ShibUseHeaders On Require valid-user AuthType shibboleth - ShibRequireSession Off + ShibRequestSetting requireSession 0 require shibboleth @@ -137,14 +137,14 @@ Listen 443 AuthType shibboleth - ShibRequireSession On + ShibRequestSetting requireSession 1 ShibUseHeaders On Require valid-user AuthType shibboleth - ShibRequireSession Off + ShibRequestSetting requireSession 0 require shibboleth @@ -199,7 +199,7 @@ Listen 443 AuthType shibboleth - ShibRequireSession On + ShibRequestSetting requireSession 1 ShibUseHeaders On Require valid-user @@ -251,7 +251,7 @@ Listen 443 AuthType shibboleth - ShibRequireSession On + ShibRequestSetting requireSession 1 ShibUseHeaders On Require valid-user @@ -303,7 +303,7 @@ Listen 443 AuthType shibboleth - ShibRequireSession On + ShibRequestSetting requireSession 1 ShibUseHeaders On Require valid-user 
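Review bot: `SSLPassPhraseDialog builtin` prompts on the terminal for the passphrase of an encrypted key, which a container started without a TTY cannot answer, so it works only if the mounted private key is unencrypted. A comment above the line should say so, for example `# builtin: key must be unencrypted (no TTY in the container); protect it with file permissions or a secret mount`. The context line `SSLSessionCache shmcb:/run/httpd/sslcache(512000)` still points at `/run/httpd`, which the Debian-based image may not create. Check that the directory exists, or move the cache under the apache2 run directory.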
diff --git a/images/apache/apache-dl-proxy/container_files/etc/httpd/conf.modules.d/00-shib.conf b/images/apache/apache-dl-proxy/container_files/etc/httpd/conf.modules.d/00-shib.conf deleted file mode 100755 index 0e5c7b2..0000000 --- a/images/apache/apache-dl-proxy/container_files/etc/httpd/conf.modules.d/00-shib.conf +++ /dev/null @@ -1 +0,0 @@ -LoadModule mod_shib /usr/lib64/shibboleth/mod_shib_24.so diff --git a/libra/.env.example b/libra/.env.example index d317e38..18ef171 100755 --- a/libra/.env.example +++ b/libra/.env.example @@ -23,6 +23,7 @@ ENV_SHIB_CONF_DIR=/path/to/shib/conf # DMD Stuff ENV_DMD_SERVICE_CONTAINER=kingstonduo/data-management:1.0 +ENV_DLU_WATCHER_CONTAINER= mysql_user= mysql_pwd== mysql_host=mariadb @@ -37,3 +38,4 @@ spectrack_base_url= # Globus and Data Lake filesystem mounts ENV_DATALAKE_FILE_DIR= ENV_GLOBUS_FILE_MOUNT= +INSIDE_DOCKER=true diff --git a/libra/docker-compose.dev.yml b/libra/docker-compose.dev.yml index 95a989f..29b6ca2 100755 --- a/libra/docker-compose.dev.yml +++ b/libra/docker-compose.dev.yml @@ -42,6 +42,30 @@ services: aliases: - data-manager-service + dlu-watcher-service: + container_name: dlu-watcher + image: ${ENV_DLU_WATCHER_CONTAINER} + environment: + - mysql_user=${mysql_user} + - mysql_pwd=${mysql_pwd} + - mysql_host=${mysql_host} + - mysql_port=${mysql_port} + - mysql_db=${mysql_db} + - mongo_host=${mongo_host} + - mongo_port=${mongo_port} + - mongo_db=${mongo_db} + - globus_data_directory=${ENV_GLOBUS_FILE_MOUNT} + - dlu_data_directory=${ENV_DATALAKE_FILE_DIR} + - spectrack_token=${spectrack_token} + - spectrack_base_url=${spectrack_base_url} + - INSIDE_DOCKER=${INSIDE_DOCKER} + volumes: + - "${ENV_GLOBUS_FILE_MOUNT}:/globus" + - "${ENV_DATALAKE_FILE_DIR}:/data" + networks: + dataLake: + + volumes: esdata: diff --git a/libra/docker-compose.local.yml b/libra/docker-compose.local.yml index f32cf68..6101726 100644 --- a/libra/docker-compose.local.yml +++ b/libra/docker-compose.local.yml 
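Review bot: In the new `dlu-watcher-service` block of libra/docker-compose.dev.yml, `globus_data_directory=${ENV_GLOBUS_FILE_MOUNT}` and `dlu_data_directory=${ENV_DATALAKE_FILE_DIR}` hand the container the host-side paths, while the same variables are mounted at `/globus` and `/data` inside it. If the watcher opens those values as paths, they will not exist in the container; the in-container values would be `globus_data_directory=/globus` and `dlu_data_directory=/data`. The local and prod definitions of this service omit both variables, so the three files should agree one way or the other. Both mounts are also read-write; add `:ro` to whichever one the watcher only reads.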
@@ -1,9 +1,9 @@ version: "3" services: - data-manager-service: + data-manager-service: container_name: data-manager-service image: ${ENV_DMD_SERVICE_CONTAINER} - entrypoint: ["flask", "run"] + entrypoint: [ "flask", "run" ] expose: - 5000 environment: @@ -19,15 +19,38 @@ services: - spectrack_base_url=${spectrack_base_url} volumes: - "${ENV_DATALAKE_FILE_DIR}:/data" - - "${ENV_GLOBUS_FILE_MOUNT}:/globus" + - "${ENV_GLOBUS_FILE_MOUNT}:/globus" networks: dataLake: aliases: - data-manager-service + dlu-watcher-service: + container_name: dlu-watcher + image: ${ENV_DLU_WATCHER_CONTAINER} + environment: + - mysql_user=${mysql_user} + - mysql_pwd=${mysql_pwd} + - mysql_host=${mysql_host} + - mysql_port=${mysql_port} + - mysql_db=${mysql_db} + - mongo_host=${mongo_host} + - mongo_port=${mongo_port} + - mongo_db=${mongo_db} + - spectrack_token=${spectrack_token} + - spectrack_base_url=${spectrack_base_url} + - INSIDE_DOCKER=${INSIDE_DOCKER} + volumes: + - "${ENV_DATALAKE_FILE_DIR}:/data" + - "${ENV_GLOBUS_FILE_MOUNT}:/globus" + networks: + dataLake: + + volumes: esdata: + networks: dataLake: external: true diff --git a/libra/docker-compose.prod.yml b/libra/docker-compose.prod.yml index f892657..b0ca917 100644 --- a/libra/docker-compose.prod.yml +++ b/libra/docker-compose.prod.yml 
@@ -28,18 +28,25 @@ services: - data-manager-service dlu-watcher-service: - container_name: dlu-watcher - image: kingstonduo/dlu-watcher:1.0 - environment: - - mysql_user=${mysql_user} - - mysql_pwd=${mysql_pwd} - - mysql_host=${mysql_host} - - mysql_port=${mysql_port} - - mysql_db=${mysql_db} - networks: - dataLake: - aliases: - - dlu-watcher + container_name: dlu-watcher + image: ${ENV_DLU_WATCHER_CONTAINER} + environment: + - mysql_user=${mysql_user} + - mysql_pwd=${mysql_pwd} + - mysql_host=${mysql_host} + - mysql_port=${mysql_port} + - mysql_db=${mysql_db} + - mongo_host=${mongo_host} + - mongo_port=${mongo_port} + - mongo_db=${mongo_db} + - spectrack_token=${spectrack_token} + - spectrack_base_url=${spectrack_base_url} + - INSIDE_DOCKER=${INSIDE_DOCKER} + volumes: + - "${ENV_DATALAKE_FILE_DIR}:/data" + - "${ENV_GLOBUS_FILE_MOUNT}:/globus" + networks: + dataLake: networks: diff --git a/orion/.env.example b/orion/.env.example index 8a10cd8..a09be57 100755 --- a/orion/.env.example +++ b/orion/.env.example @@ -16,6 +16,9 @@ ENV_REACT_APPDIR=/home/vagrant/code/kpmp/web # MongoDB ENV_MONGO_PORT=27017 +#User auth +ENV_USER_AUTH_IMAGE=kingstonduo/user-auth + # Apache - Only used for docker-compose.dev.yml ENV_APACHE_SERVER_NAME=upload.kpmp.org diff --git a/orion/docker-compose.dev.yml b/orion/docker-compose.dev.yml index 1d0150f..3f26fd7 100755 --- a/orion/docker-compose.dev.yml +++ b/orion/docker-compose.dev.yml @@ -59,7 +59,7 @@ services: user-auth: container_name: user-auth - image: kingstonduo/user-auth:2.0 + image: ${ENV_USER_AUTH_IMAGE} environment: DEFAULT_CLIENT_ID: ${ENV_DEFAULT_CLIENT_ID} TZ: "America/Detroit" diff --git a/orion/docker-compose.prod.yml b/orion/docker-compose.prod.yml index ee8b4c3..99d7093 100755 --- a/orion/docker-compose.prod.yml +++ b/orion/docker-compose.prod.yml 
@@ -50,7 +50,7 @@ services: user-auth: container_name: user-auth - image: kingstonduo/user-auth:2.0 + image: ${ENV_USER_AUTH_IMAGE} restart: unless-stopped environment: DEFAULT_CLIENT_ID: ${ENV_DEFAULT_CLIENT_ID}